[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26928 [Core Tor/Tor]: Taint untrusted link authentication keys



#26928: Taint untrusted link authentication keys
------------------------------+------------------------------
     Reporter:  teor          |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-hs
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 We should taint untrusted link auth keys, and then downgrade connections
 using tainted keys to protocol warnings.

 Link auth keys from the following sources are trusted:
 * hard-coded authorities
 * the consensus signed by hard-coded authorities

 Link auth keys from the following sources are untrusted:
 * hardcoded fallback dirs, because relay keys change over time
 * our state file (if not confirmed in the consensus), because relay keys
 change over time
 * onion service descriptors, because they come from untrusted services
 * onion service introduce cells, because they come from untrusted clients

 Split off #26924.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26928>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs