r8822@totoro: nickm | 2006-10-01 16:24:22 -0400

Fix bug 303: reject attempts to use Tor as a one-hop proxy. svn:r8566
author: Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
committer: Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
commit: ce72a9914e5e996f3c47cc9ec368309e0f1c861e (patch)
tree: 785572be5289ef84e5f846007a62713494d4ea68 /doc/tor-spec.txt
parent: 7ed921708f94b23653a65173a5b61ddeff6e9125 (diff)
download: tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.tar.gz
tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index 17ebf4a02a..bca3ebe5c5 100644
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -410,6 +410,11 @@ TODO:
    [Versions of Tor before 0.1.0.6-rc did not support these cell types;
     clients should not send CREATE_FAST cells to older Tor servers.]
 
+   If an OR sees a circuit created with CREATE_FAST, the OR is sure to be the
+   first hop of a circuit.  ORs SHOULD reject attempts to create streams with
+   RELAY_BEGIN exiting the circuit at the first hop: letting Tor be used as a
+   single hop proxy makes exit nodes a more attractive target for compromise.
+
 5.2. Setting circuit keys
 
    Once the handshake between the OP and an OR is completed, both can
author	Nick Mathewson <nickm@torproject.org>	2006-10-01 20:50:11 +0000
committer	Nick Mathewson <nickm@torproject.org>	2006-10-01 20:50:11 +0000
commit	ce72a9914e5e996f3c47cc9ec368309e0f1c861e (patch)
tree	785572be5289ef84e5f846007a62713494d4ea68 /doc/tor-spec.txt
parent	7ed921708f94b23653a65173a5b61ddeff6e9125 (diff)
download	tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.tar.gz tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.zip