[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 25 Apr 2018 15:37:56 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 25 Apr 2018 11:38:09 -0400
In-reply-to: <049.95285cc5972475342454fb6b7d94b808@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.95285cc5972475342454fb6b7d94b808@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25870: Fix vanguard restrictions
--------------------------+------------------------------------
 Reporter:  mikeperry     |          Owner:  (none)
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:  #25546        |         Points:
 Reviewer:  asn           |        Sponsor:
--------------------------+------------------------------------

Comment (by mikeperry):

 Replying to [comment:6 asn]:
 > OK, the explanation above makes sense but it's also quite complicated.
 I'm gonna try to write some unittests and see if I can get a bit more
 confidence.
 >
 > Another design-level question: Why are we doing this change just for
 vanguard circuits and not for all circuits? Is it because we only aim to
 protect against guard-discovery attacks like #14917 only in vanguard
 circuits? Or because vanguard-circuits are naturally not 3-hops and so
 it's eaier to block A - B -A type circs? Or something else?

 I decided to do the first commit because it is a simple way to prevent the
 adversary from being able to influence your guard choice without
 completely changing how we build paths. I only did it for vanguards
 because we did not agree on a solution for how we want to handle
 restrictions in the general case. And also yes, with vanguards it does not
 create any degenerate conditions that induce warnings, but it would with
 normal circuits.

 I decided to do the second commit because the HSLayerN options will
 generate warnings on relays as-is. I originally removed all restrictions
 for vanguard circuits because of issues discovered during testing of
 #13837 and #24487. With two entry guards and this patch (which we can also
 do easily with vanguards), #24487 no longer leaks information to later
 layers, and the HSLayerN options will no longer cause warnings.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25870#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21039 [Core Tor/Tor]: Refactor and simplify guard code of circuit_send_next_onion_skin()
Next by Author: Re: [tor-bugs] #24862 [Metrics/Consensus Health]: Add per-relay descriptor timestamps to the consensus health detailed page
Previous by thread: Re: [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
Next by thread: Re: [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
Index(es):
- Author
- Thread