Describe handling of END cells and half-open streams.

Originally designed in tor#25573 as part of a defense for the DropMark attack by Rochet and Pereira. Closes torspec#33.
author: Nick Mathewson <nickm@torproject.org> 2021-03-03 14:13:48 -0500
committer: Nick Mathewson <nickm@torproject.org> 2021-03-03 14:13:48 -0500
commit: 952024f5c354d59d0df51b6c2fe94045fa9cb926 (patch)
tree: f44ac2fe5096afc7a63726ea3725d3c78314c84d /tor-spec.txt
parent: 46f0bb6320b1b3c3bee8c0be5aa785612fc4eec0 (diff)
download: torspec-952024f5c354d59d0df51b6c2fe94045fa9cb926.tar.gz
torspec-952024f5c354d59d0df51b6c2fe94045fa9cb926.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/tor-spec.txt b/tor-spec.txt
index 11a991a..62b7d5d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1822,6 +1822,16 @@ see tor-design.pdf.
    [*] Older versions of Tor also send this reason when connections are
        reset.
 
+   Upon receiving a RELAY_END cell, the recipient may be sure that no further
+   cells will arrive on that stream, and can treat such cells as a protocol
+   violation.
+
+   After sending a RELAY_END cell, the sender needs to give the recipient
+   time to receive that cell.  In the meantime, the sender SHOULD remember
+   how many cells of which types (CONNECTED, SENDME, DATA) that it would have
+   accepted on that stream, and SHOULD kill the circuit if it receives more
+   than permitted.
+
    --- [The rest of this section describes unimplemented functionality.]
 
    Because TCP connections can be half-open, we follow an equivalent
author	Nick Mathewson <nickm@torproject.org>	2021-03-03 14:13:48 -0500
committer	Nick Mathewson <nickm@torproject.org>	2021-03-03 14:13:48 -0500
commit	952024f5c354d59d0df51b6c2fe94045fa9cb926 (patch)
tree	f44ac2fe5096afc7a63726ea3725d3c78314c84d /tor-spec.txt
parent	46f0bb6320b1b3c3bee8c0be5aa785612fc4eec0 (diff)
download	torspec-952024f5c354d59d0df51b6c2fe94045fa9cb926.tar.gz torspec-952024f5c354d59d0df51b6c2fe94045fa9cb926.zip