From f7a3cdc8f27c2306cf06d742af63846c82ebdc56 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Wed, 9 Mar 2011 11:34:04 +0100 Subject: Use observed instead of declared uptime for HSDir It is important to verify the uptime claim of a relay instead of just trusting it, otherwise it becomes too easy to blackhole a specific hidden service. rephist already has data available that we can use here. Bugfix on 0.2.0.10-alpha. --- changes/hsdir_assignment | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 changes/hsdir_assignment (limited to 'changes/hsdir_assignment') diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment new file mode 100644 index 0000000000..ba019901ee --- /dev/null +++ b/changes/hsdir_assignment @@ -0,0 +1,7 @@ + o Security fixes: + - Directory authorities now use data collected from rephist when + choosing whether to assign the HSDir flag to relays, instead of + trusting the uptime value the relay reports in its descriptor. + This helps prevent an attack where relatively few malaicious + nodes can blackhole any given hidden service. Bugfix on + 0.2.0.10-alpha; fixes bug 2709. -- cgit v1.2.3-54-g00ecf