-rw-r--r-- tor-spec.txt 6
1 files changed, 4 insertions, 2 deletions
diff --git a/tor-spec.txt b/tor-spec.txt
index 7f0256e..df0ca38 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1378,8 +1378,10 @@ see tor-design.pdf.
- The IP matches the requested IP.
- The OR knows that the IP of the connection it's using is canonical
because it was listed in the NETINFO cell.
- - The OR knows that the IP of the connection it's using is canonical
- because it was listed in the server descriptor.
+
+ ORs SHOULD NOT check the IPs that are listed in the server descriptor.
+ Trusting server IPs makes it easier to covertly impersonate a relay, after
+ stealing its keys.
5.4. Tearing down circuits
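Review bot: The added sentence "ORs SHOULD NOT check the IPs that are listed in the server descriptor." is ambiguous about what is prohibited. "Check" could be read as forbidding any comparison against the descriptor, whereas the bullet it replaces was specifically about treating the connection's IP as canonical because the descriptor lists it. Suggest phrasing it in the list's own terms, for example "ORs SHOULD NOT treat the IP of a connection as canonical merely because it was listed in the server descriptor." The rationale ("Trusting server IPs makes it easier to covertly impersonate a relay, after stealing its keys.") would also be easier to act on if it said "descriptor-listed IPs" rather than "server IPs" and stated why they are weaker evidence than the NETINFO-listed IP that the retained bullet still accepts.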