author     teor <teor@torproject.org>   2018-07-26 09:53:39 +1000
committer  teor <teor@torproject.org>   2018-07-26 09:54:30 +1000
commit     220ea886ec38f7c0ff4b56a1d97421ed182b87a3
tree       19064ee562cc41134f24d3cb53d851dec7515fbd   /tor-spec.txt
parent     b592584b6ae3365158d610288cad8324e41b19f8
tor-spec: Generalise the first-hop ban to rend points and exit streams
Part of 26885.
Diffstat (limited to 'tor-spec.txt')
-rw-r--r--   tor-spec.txt   27
1 files changed, 20 insertions, 7 deletions
diff --git a/tor-spec.txt b/tor-spec.txt
index ef0e12e..441ccee 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1154,15 +1154,12 @@ see tor-design.pdf.
Once both parties have X and Y, they derive their shared circuit keys
and 'derivative key data' value via the KDF-TOR function in 5.2.1.
- If an OR sees a circuit created with CREATE_FAST, the OR is sure to be the
- first hop of a circuit. ORs SHOULD reject attempts to create streams with
- RELAY_BEGIN exiting the circuit at the first hop: letting Tor be used as a
- single hop proxy makes exit nodes a more attractive target for compromise.
-
The CREATE_FAST handshake is currently deprecated whenever it is not
necessary; the migration is controlled by the "usecreatefast"
networkstatus parameter as described in dir-spec.txt.
+ [Tor 0.3.1.1-alpha and later disable CREATE_FAST by default.]
+
5.2. Setting circuit keys
5.2.1. KDF-TOR
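Review bot: the added bracketed note should spell out what "disable CREATE_FAST by default" means for the rest of the document, because the surrounding sentence still says CREATE_FAST is only deprecated "whenever it is not necessary" and that the "usecreatefast" networkstatus parameter controls the migration. As written, a reader cannot tell whether a relay can still expect CREATE_FAST from current clients, which matters for the first-hop detection this same commit adds later (where seeing CREATE_FAST is the only method that makes an OR "sure to be the first hop"). Suggest something like: "[Tor 0.3.1.1-alpha and later disable CREATE_FAST by default, so ORs SHOULD NOT rely on seeing CREATE_FAST to identify the first hop; the parameter can still re-enable it.]" Also, the paragraph that was deleted here was the only normative text about first-hop exit streams; removing it is fine only because the second hunk re-adds it, so the two hunks should land together rather than be split across commits.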
@@ -1305,8 +1302,24 @@ see tor-design.pdf.
Circuits are torn down when an unrecoverable error occurs along
the circuit, or when all streams on a circuit are closed and the
- circuit's intended lifetime is over. Circuits may be torn down
- either completely or hop-by-hop.
+ circuit's intended lifetime is over.
+
+ ORs SHOULD also tear down circuits which attempt to create:
+ * streams with RELAY_BEGIN, or
+ * rendezvous points with ESTABLISH_RENDEZVOUS,
+ ending at the first hop. Letting Tor be used as a single hop proxy makes
+ exit and rendezvous nodes a more attractive target for compromise.
+
+ ORs MAY use multiple methods to check if they are the first hop:
+ * If an OR sees a circuit created with CREATE_FAST, the OR is sure to be
+ the first hop of a circuit.
+ * If an OR is the responder, and the initiator:
+ * did not authenticate the link, or
+ * authenticated with a key that is not in the consensus,
+ then the OR is probably the first hop of a circuit (or the second hop of
+ a circuit via a bridge relay).
+
+ Circuits may be torn down either completely or hop-by-hop.
To tear down a circuit completely, an OR or OP sends a DESTROY
cell to the adjacent nodes on that circuit, using the appropriate
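Review bot: this hunk silently changes the prescribed response, not just its scope. The deleted text said ORs "SHOULD reject attempts to create streams with RELAY_BEGIN exiting the circuit at the first hop", i.e. refuse the stream; the new text says ORs "SHOULD also tear down circuits" that attempt this. Tearing down the whole circuit is a stronger action than rejecting the stream, and neither the commit message ("Generalise the first-hop ban") nor the spec text calls out that the required behaviour changed; please state it explicitly, or keep "reject" if tear-down was not intended. Two smaller points in the same hunk: the bullet sentence "attempt to create: * streams with RELAY_BEGIN, or * rendezvous points with ESTABLISH_RENDEZVOUS, ending at the first hop" reads awkwardly, since a client establishes rather than creates a rendezvous point; consider "ORs SHOULD also tear down a circuit if the client attempts to use its first hop to open a stream with RELAY_BEGIN or to establish a rendezvous point with ESTABLISH_RENDEZVOUS." And the second detection method ("did not authenticate the link, or authenticated with a key that is not in the consensus") is labelled "probably the first hop" with the bridge case as the exception, so the text should say what an OR does when it is only probably the first hop, given that the SHOULD above is written as if the first-hop determination were certain.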