[tor-commits] [tor/master] channeltls: Clarify a relay impersonation defence

[teor@xxxxxxxxxxxxxx]

commit 7517e1b5d31aada1f594c2594737a231d9d8e116
Author: teor <teor@xxxxxxxxxxxxxx>
Date:   Tue Apr 28 21:11:10 2020 +1000

    channeltls: Clarify a relay impersonation defence
    
    Clarify the comments in channel_tls_matches_target_method(), and make
    it clear that the attack is a covert attack.
---
 src/core/or/channeltls.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 5cedd9fbc..b424d02a5 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -739,10 +739,13 @@ channel_tls_matches_target_method(channel_t *chan,
    * base_.addr is updated by connection_or_init_conn_from_address()
    * to be the address in the descriptor. It may be tempting to
    * allow either address to be allowed, but if we did so, it would
-   * enable someone who steals a relay's keys to impersonate/MITM it
+   * enable someone who steals a relay's keys to covertly impersonate/MITM it
    * from anywhere on the Internet! (Because they could make long-lived
    * TLS connections from anywhere to all relays, and wait for them to
    * be used for extends).
+   *
+   * An adversary who has stolen a relay's keys could also post a fake relay
+   * descriptor, but that attack is easier to detect.
    */
   return tor_addr_eq(&(tlschan->conn->real_addr), target);
 }

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits