Re: [tor-bugs] #17604 [Tor]: Try to use only one canonical connection



#17604: Try to use only one canonical connection
-----------------------+---------------------------
 Reporter:  mikeperry  |          Owner:  mikeperry
     Type:  defect     |         Status:  new
 Priority:  Medium     |      Milestone:
Component:  Tor        |        Version:
 Severity:  Normal     |     Resolution:
 Keywords:             |  Actual Points:
Parent ID:  #16861     |         Points:
  Sponsor:             |
-----------------------+---------------------------

Comment (by mikeperry):

 I'm also tempted to patch channel_tls_matches_target_method() so that it
 allows extend cells to be sent on an orconn if they match either the
 descriptor address or the actual originating address of an orconn. This
 would also help converge on a single orconn for relays that have outbound
 traffic from different IPs than their inbound traffic.

 However, it will also mean that it becomes possible to steal a relay's
 keys and start making TLS connections to all other relays from anywhere on
 the Internet, and wait for those connections to become old enough to be
 chosen for extends. This issue may outweigh the corner case. It probably
 does, in fact. Happy to hear thoughts, though. Maybe there are other
 things that would prevent this attack?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17604#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online