[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r16327: Proposal 121: Use first part of Diffie-Hellman handshake for (tor/trunk/doc/spec/proposals)
Author: kloesing
Date: 2008-08-01 07:19:43 -0400 (Fri, 01 Aug 2008)
New Revision: 16327
Modified:
tor/trunk/doc/spec/proposals/121-hidden-service-authentication.txt
Log:
Proposal 121: Use first part of Diffie-Hellman handshake for replay protection instead of rendezvous cookie.
Modified: tor/trunk/doc/spec/proposals/121-hidden-service-authentication.txt
===================================================================
--- tor/trunk/doc/spec/proposals/121-hidden-service-authentication.txt 2008-08-01 11:00:02 UTC (rev 16326)
+++ tor/trunk/doc/spec/proposals/121-hidden-service-authentication.txt 2008-08-01 11:19:43 UTC (rev 16327)
@@ -28,6 +28,8 @@
with Nick
31-Jul-2008 Limit maximum descriptor size to 20 kilobytes to prevent
abuse.
+ 01-Aug-2008 Use first part of Diffie-Hellman handshake for replay
+ protection instead of rendezvous cookie.
Overview:
@@ -385,10 +387,13 @@
When receiving a v3 INTRODUCE2 cell, Bob checks whether a client has
provided valid authorization data to him. He also requires that the
timestamp is no more than 30 minutes in the past or future and that the
- rendezvous cookie has not been used in the past 60 minutes to prevent
- replay attacks by rogue introduction points. If all checks pass, Bob
- builds a circuit to the provided rendezvous point and otherwise drops the
- cell.
+ first part of the Diffie-Hellman handshake has not been used in the past
+ 60 minutes to prevent replay attacks by rogue introduction points. (The
+ reason for not using the rendezvous cookie to detect replays---even
+ though it is only sent once in the current design---is that it might be
+ desirable to re-use rendezvous cookies for multiple introduction requests
+ in the future.) If all checks pass, Bob builds a circuit to the provided
+ rendezvous point and otherwise drops the cell.
1.4. Summary of authorization data fields