[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24964 [Core Tor/Tor]: dos: Block single hop client at the HSDir



#24964: dos: Block single hop client at the HSDir
--------------------------------------+------------------------------------
 Reporter:  dgoulet                   |          Owner:  dgoulet
     Type:  defect                    |         Status:  needs_revision
 Priority:  Medium                    |      Milestone:  Tor: 0.4.2.x-final
Component:  Core Tor/Tor              |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tor-dos, tor2web, tor-hs  |  Actual Points:  0.1
Parent ID:  #24962                    |         Points:  0.1
 Reviewer:                            |        Sponsor:  Sponsor27-must
--------------------------------------+------------------------------------

Comment (by dgoulet):

 Replying to [comment:7 arma]:
 > Replying to [comment:6 teor]:
 > > We could check that the previous hop is a relay in the consensus.
 > > If we do that check. then a small number of HSDir requests will fail,
 and the client will try another HSDir with another circuit.
 >
 > Careful there! That might be true for client requests (doing a GET), but
 it will be less true for service requests (doing a POST).

 This checks if the previous channel is client or not. That is
 unauthenticated. If the link is unauthenticated, then it is denied.

 The case of a service posting a descriptor will always work as long as the
 service does it through relays in consensus or not. If I'm not mistaken
 (?), all public relays will authenticate.

 The case of the client trying to go around that check with a relay not in
 the consensus I believe will still authenticate on the link? Unless it is
 a bridge?

 What am I missing here?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24964#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs