[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3460 [Tor Hidden Services]: Replay-detection window for HS INTRODUCE2 cells causes HS reachability failures (was: Expand replay-detection window for HS INTRODUCE2 cells)

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3460 [Tor Hidden Services]: Replay-detection window for HS INTRODUCE2 cells causes HS reachability failures (was: Expand replay-detection window for HS INTRODUCE2 cells)
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 17 Oct 2011 11:08:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 17 Oct 2011 07:08:39 -0400
In-reply-to: <047.26a5990d51c061b1584b630467791ea2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.26a5990d51c061b1584b630467791ea2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3460: Replay-detection window for HS INTRODUCE2 cells causes HS reachability
failures
---------------------------------+------------------------------------------
 Reporter:  rransom              |          Owner:  rransom           
     Type:  task                 |         Status:  new               
 Priority:  normal               |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Hidden Services  |        Version:                    
 Keywords:                       |         Parent:                    
   Points:                       |   Actualpoints:                    
---------------------------------+------------------------------------------
Changes (by rransom):

  * milestone:  Tor: 0.2.3.x-final => Tor: 0.2.2.x-final


Comment:

 My plan for how to fix this no longer involves expanding the replay-
 detection window, even on 0.2.2.x.

 The Right Thing is to split our current 60-minute per-hidden-service (at
 least I hope it's per-HS) replay-detection cache (which handles both
 clients' DH public keys and the RSA-encrypted portions of INTRODUCE2
 cells) into a per-HS DH public key replay cache that only holds entries
 for five minutes, purely as a performance improvement (so we continue to
 not launch multiple attempts to connect to a single rendezvous point), and
 a per-intro-point replay cache that holds the non-malleable part of the
 INTRODUCE2 message for the lifetime of the intro point, to provide
 security against replay attacks.

 The easiest way to limit the size of the per-intro-point replay cache will
 be to limit the number of INTRODUCE2 cells sent to each intro point before
 it is replaced.

 I'm setting this ticket back to 0.2.2.x, because the scary part of this
 change will be making intro points expire after a while, and we need to
 apply that to 0.2.2.x in order to fix the service-side part of #3825.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3460#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #3825 [Tor Hidden Services]: HS intro points overloaded with CREATE cells cause connectivity failures (was: Hidden service unavailable even though I know its up)
Next by Author: Re: [tor-bugs] #2794 [Analysis]: Find a good metric for bridge churn
Previous by thread: Re: [tor-bugs] #3825 [Tor Hidden Services]: HS intro points overloaded with CREATE cells cause connectivity failures (was: Hidden service unavailable even though I know its up)
Next by thread: Re: [tor-bugs] #3996 [Tor bundles/installation]: OpenSSL update
Index(es):
- Author
- Thread