From 48ea06ea02f3416f06b41919987ec9babf429e94 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 17 Jul 2006 05:12:54 +0000 Subject: nick suggests that the hello cell should have both server IP and client IP. he's right. svn:r6771 --- doc/tor-spec.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt index 6045fc0c55..15ad50623b 100644 --- a/doc/tor-spec.txt +++ b/doc/tor-spec.txt @@ -748,9 +748,8 @@ when do we rotate which keys (tls, link, etc)? Version [1 byte] Timestamp [4 bytes] - Number of addresses [1 byte] - Addresses [variable] - others? + Server-side address [variable] + Client-side address [variable] Version is the "link version", and dictates what types and formats of cells can be sent/received. It should be 1. A Tor connection is @@ -760,12 +759,15 @@ when do we rotate which keys (tls, link, etc)? Timestamp is the OR's current Unix time (GMT). Each address contains Type/Length/Value as used in Section 5.4. - This section lists all addresses that the OR has published and is - listening to now -- we include them to block a man-in-the-middle + The first address is the one that the OR has published and is + listening to now -- we include it to block a man-in-the-middle attack on TLS that lets an attacker bounce traffic through his own computers to enable timing and packet-counting attacks. [Do we want to provide just one address? Do we want to be more general by accepting netmasks or something? -RD] + The second address is the one that the client OP or OR has used to + connect to the server -- it can be used to learn what your IP address + is if you have no other hints. If we receive a HELLO cell with a version we do not recognize, we drop it. If we receive a HELLO cell with a version that is older than the -- cgit v1.2.3-54-g00ecf