author | George Kadianakis <desnacked@riseup.net> | 2012-12-06 16:38:44 +0200 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2012-12-06 16:38:44 +0200 |
commit | aeebf8950ad137478b661cc2b6fa4c47c5f88f2f (patch) | |
tree | fff700978049e8e2d1fd063f5cffe93806878f65 /proposals/196-transport-control-ports.txt | |
parent | 630b334bb0727653f561b477e3cd1ce8a7905c04 (diff) | |
Some additions related to the Extended ORPort.
Diffstat (limited to 'proposals/196-transport-control-ports.txt')
-rw-r--r-- | proposals/196-transport-control-ports.txt | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/proposals/196-transport-control-ports.txt b/proposals/196-transport-control-ports.txt index 549e8ce..c7f1c3a 100644 --- a/proposals/196-transport-control-ports.txt +++ b/proposals/196-transport-control-ports.txt @@ -159,7 +159,27 @@ Target: 0.2.4.x command it MAY want to shutdown its connections to the transport proxy. -5. Security Considerations +5. Authentication + + To defend against cross-protocol attacks on the Extended ORPOrt, + proposal 213 defines an authentication scheme that should be used to + protect it. + + If the Extended ORPort is enabled, Tor should regenerate the cookie + file of proposal 213 on startup and store it in + $DataDirectory/extended_orport_auth_cookie. + + The location of the cookie can be overriden by using the + configuration file parameter ExtORPortCookieAuthFile, which is + defined as: + + ExtORPortCookieAuthFile <path> + + where <path> is a filesystem path. + + XXX should we also add an ExtORPortCookieFileGroupReadable torrc option? + +6. Security Considerations Extended ORPort or TransportControlPort do _not_ provide link confidentiality, authentication or integrity. Sensitive data, like @@ -176,7 +196,7 @@ Target: 0.2.4.x instructed to connect to a non-localhost Extended ORPort or TransportControlPort. -6. Future +7. Future In the future, we might have pluggable transports which require the _client_ transport proxy to use the TransportControlPort and exchange |
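Review bot: the new "5. Authentication" section ends on an unresolved question ("XXX should we also add an ExtORPortCookieFileGroupReadable torrc option?"), and the text above it never says what permissions $DataDirectory/extended_orport_auth_cookie is created with or which process is expected to read it. Since the cookie is the only thing protecting the Extended ORPort here, please settle the group-readable question and state the file's intended readers and mode before this lands. The keywords in the added paragraphs are lowercase "should" ("should be used to protect it", "Tor should regenerate the cookie file") while the unchanged context just above uses uppercase "MAY"; pick SHOULD or MUST so an implementer knows whether an enabled Extended ORPort without the cookie is conformant. The renumbered "6. Security Considerations" still opens by saying these ports "do _not_ provide link confidentiality, authentication or integrity", which now sits directly under a section titled Authentication; a sentence distinguishing the proposal 213 cookie scheme from link-level authentication would avoid a contradictory reading. Two spelling fixes in the added lines: "ORPOrt" should be "ORPort" and "overriden" should be "overridden".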