
Re: [tor-bugs] #29583 [Core Tor/Tor]: HSv3: Faulty cross-certs in introduction point keys (allows naive onionbalance for v3s)



#29583: HSv3: Faulty cross-certs in introduction point keys (allows naive
onionbalance for v3s)
-----------------------------------------+---------------------------------
 Reporter:  asn                          |          Owner:  (none)
     Type:  defect                       |         Status:  new
 Priority:  Medium                       |      Milestone:  Tor:
                                         |  unspecified
Component:  Core Tor/Tor                 |        Version:
 Severity:  Normal                       |     Resolution:
 Keywords:  tor-hs scaling onionbalance  |  Actual Points:
Parent ID:  #26768                       |         Points:
 Reviewer:                               |        Sponsor:
-----------------------------------------+---------------------------------

Comment (by nickm):

 If we do decide to fix this (and I think we should), I think we'll need a
 multistep process.  Something like this:

 1. Begin including the correct versions of these certificates.  Continue
 including the current (incorrect) versions so as not to break existing
 clients, but mark them with an extension to indicate that you should only
 accept them when the correct certificates are present too.
 2. Check the new (correct) certificates when they are present.
 3. Stop including the old (incorrect) certificates.

 For step 1 and step 2, we'll probably want to use a consensus-triggered
 feature to avoid fingerprinting.  We can't do step 3 until 2022, when
 support for 0.3.5.x ends, unless we decide to backport this or something,
 which would be ... questionable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29583#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs