channeltls: Clarify a relay impersonation defence

Clarify the comments in channel_tls_matches_target_method(), and make it clear that the attack is a covert attack.
author: teor <teor@torproject.org> 2020-04-28 21:11:10 +1000
committer: teor <teor@torproject.org> 2020-04-28 21:11:10 +1000
commit: 7517e1b5d31aada1f594c2594737a231d9d8e116 (patch)
tree: 322b2e8da20b5f8b304b5832bbd9b4f350fe961f /src/core/or/channeltls.c
parent: 7f9eaec538b7d01e0d1b130dc4cf2ec634252d46 (diff)
download: tor-7517e1b5d31aada1f594c2594737a231d9d8e116.tar.gz
tor-7517e1b5d31aada1f594c2594737a231d9d8e116.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 5cedd9fbca..b424d02a59 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -739,10 +739,13 @@ channel_tls_matches_target_method(channel_t *chan,
    * base_.addr is updated by connection_or_init_conn_from_address()
    * to be the address in the descriptor. It may be tempting to
    * allow either address to be allowed, but if we did so, it would
-   * enable someone who steals a relay's keys to impersonate/MITM it
+   * enable someone who steals a relay's keys to covertly impersonate/MITM it
    * from anywhere on the Internet! (Because they could make long-lived
    * TLS connections from anywhere to all relays, and wait for them to
    * be used for extends).
+   *
+   * An adversary who has stolen a relay's keys could also post a fake relay
+   * descriptor, but that attack is easier to detect.
    */
   return tor_addr_eq(&(tlschan->conn->real_addr), target);
 }
author	teor <teor@torproject.org>	2020-04-28 21:11:10 +1000
committer	teor <teor@torproject.org>	2020-04-28 21:11:10 +1000
commit	7517e1b5d31aada1f594c2594737a231d9d8e116 (patch)
tree	322b2e8da20b5f8b304b5832bbd9b4f350fe961f /src/core/or/channeltls.c
parent	7f9eaec538b7d01e0d1b130dc4cf2ec634252d46 (diff)
download	tor-7517e1b5d31aada1f594c2594737a231d9d8e116.tar.gz tor-7517e1b5d31aada1f594c2594737a231d9d8e116.zip