diff options
| author | teor <teor@torproject.org> | 2020-04-28 21:11:10 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2020-04-28 21:11:10 +1000 |
| commit | 7517e1b5d31aada1f594c2594737a231d9d8e116 (patch) | |
| tree | 322b2e8da20b5f8b304b5832bbd9b4f350fe961f /src | |
| parent | 7f9eaec538b7d01e0d1b130dc4cf2ec634252d46 (diff) | |
| download | tor-7517e1b5d31aada1f594c2594737a231d9d8e116.tar.gz tor-7517e1b5d31aada1f594c2594737a231d9d8e116.zip | |
channeltls: Clarify a relay impersonation defence
Clarify the comments in channel_tls_matches_target_method(), and make
it clear that the attack is a covert attack.
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/or/channeltls.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index 5cedd9fbca..b424d02a59 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -739,10 +739,13 @@ channel_tls_matches_target_method(channel_t *chan, * base_.addr is updated by connection_or_init_conn_from_address() * to be the address in the descriptor. It may be tempting to * allow either address to be allowed, but if we did so, it would - * enable someone who steals a relay's keys to impersonate/MITM it + * enable someone who steals a relay's keys to covertly impersonate/MITM it * from anywhere on the Internet! (Because they could make long-lived * TLS connections from anywhere to all relays, and wait for them to * be used for extends). + * + * An adversary who has stolen a relay's keys could also post a fake relay + * descriptor, but that attack is easier to detect. */ return tor_addr_eq(&(tlschan->conn->real_addr), target); } |