author Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
committer Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
commit ce72a9914e5e996f3c47cc9ec368309e0f1c861e
tree 785572be5289ef84e5f846007a62713494d4ea68 /doc
parent 7ed921708f94b23653a65173a5b61ddeff6e9125
r8822@totoro: nickm | 2006-10-01 16:24:22 -0400
Fix bug 303: reject attempts to use Tor as a one-hop proxy. svn:r8566
Diffstat (limited to 'doc')
-rw-r--r-- doc/TODO 13
-rw-r--r-- doc/tor-spec.txt 5
2 files changed, 14 insertions, 4 deletions
diff --git a/doc/TODO b/doc/TODO
index 00726245fc..f255b969c3 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -41,15 +41,17 @@ N - Bug 200: disprefer exit nodes for entry, middle.
- If 2/3 support port X, weight exits 1/2; weight non-exits 1.
- (Exit fraction - 1/3):Non-exit fraction
- (e - 1/3)/(1-e)
-N - Bug 303: block exit from circuits created with create-fast
- - Specify and document
- - Implement
- - Note that we'd like a better speed-bump too.
+ o Bug 303: block exit from circuits created with create-fast
+ o Specify and document
+ o Implement
+ o Note that we'd like a better speed-bump too.
o Bug 336: CIRC events should have digests when appropriate.
N - figure out the right thing to do when telling nicknames to
controllers. We should always give digest, and possibly sometimes give
nickname? Or digest, and nickname, with indication of whether name is
canonical?
+ - edmanm likes $DIGEST~nickname for unNamed routers, and
+ $DIGEST=nickname for Named routers. So do I.
N - Bug 326: make eventdns thrash less.
N - Test guard unreachable logic; make sure that we actually attempt to
connect to guards that we think are unreachable from time to time.
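Review bot: The two added lines about $DIGEST~nickname and $DIGEST=nickname, under the controller-nickname item, are unrelated to bug 303, which is the only change the commit message names; I would move them to their own commit so the bug 303 change can be reviewed and reverted independently. Separately, the sub-item "Note that we'd like a better speed-bump too" is flipped to o here while the note itself is added much further down under "Future version", so a short pointer between the two entries would help a later reader connect them.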
@@ -84,6 +86,7 @@ N . Have (and document) a BEGIN_DIR relay cell that means "Connect to your
- Use for something, so we can be sure it works.
- Test and debug
+N - Send back RELAY_END cells on malformed RELAY_BEGIN.
x - We should ship with a list of stable dir mirrors -- they're not
trusted like the authorities, but they'll provide more robustness
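Review bot: The new item "Send back RELAY_END cells on malformed RELAY_BEGIN" does not say which end reason the cell should carry or whether the circuit stays usable afterwards; adding that to the item, or a pointer to the part of tor-spec.txt that should define it, would keep the eventual implementation and the spec in step. It is also not part of the bug 303 fix named in the commit message, so it fits better in a separate commit.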
@@ -390,6 +393,8 @@ R - Streamline how we pick entry nodes.
Future version:
- Configuration format really wants sections.
- Good RBL substitute.
+ - Our current approach to block attempts to use Tor as a single-hop proxy
+ is pretty lame; we should get a better one.
. Update the hidden service stuff for the new dir approach.
- switch to an ascii format, maybe sexpr?
- authdirservers publish blobs of them.
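Review bot: "pretty lame" in the added "Future version" item gives the next reader nothing to act on; state the limitation instead. Going by the tor-spec.txt change in this same commit, the rule applies only to circuits created with CREATE_FAST, so the item could say that first-hop exit blocking depends on how the circuit was created and that a check without that dependency is wanted. A reference to bug 303 would also tie it back to the entry marked done earlier in the file.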
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index 17ebf4a02a..bca3ebe5c5 100644
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -410,6 +410,11 @@ TODO:
[Versions of Tor before 0.1.0.6-rc did not support these cell types;
clients should not send CREATE_FAST cells to older Tor servers.]
+ If an OR sees a circuit created with CREATE_FAST, the OR is sure to be the
+ first hop of a circuit. ORs SHOULD reject attempts to create streams with
+ RELAY_BEGIN exiting the circuit at the first hop: letting Tor be used as a
+ single hop proxy makes exit nodes a more attractive target for compromise.
+
5.2. Setting circuit keys
Once the handshake between the OP and an OR is completed, both can
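Review bot: The added paragraph says ORs SHOULD reject RELAY_BEGIN at the first hop but not how: it should name what the OR sends back (for example a RELAY_END, and with which reason) or whether it tears down the circuit, so that implementations behave the same way and a client can tell this refusal from other stream failures. The first sentence is also one-directional: CREATE_FAST implies first hop, but the text is silent on first-hop circuits created with CREATE, and since the TODO change in this commit already calls the approach a stopgap, the spec should state that gap explicitly rather than leave it implied.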