[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torspec/master] Prop 312: Explain why untrusted addresses are bad
commit 7a55bf166248a5ff210691cb219df1ec8e40ea29
Author: teor <teor@xxxxxxxxxxxxxx>
Date: Tue Feb 4 12:10:18 2020 +1000
Prop 312: Explain why untrusted addresses are bad
And describe a potential attack that gives a relay the wrong address,
then monitors its traffic.
As suggested by Nick Mathewson.
Part of 33073.
---
proposals/312-relay-auto-ipv6-addr.txt | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/proposals/312-relay-auto-ipv6-addr.txt b/proposals/312-relay-auto-ipv6-addr.txt
index 05ff9de..ecea79b 100644
--- a/proposals/312-relay-auto-ipv6-addr.txt
+++ b/proposals/312-relay-auto-ipv6-addr.txt
@@ -1,6 +1,6 @@
Filename: 312-relay-auto-ipv6-addr.txt
Title: Tor Relays Automatically Find Their IPv6 Address
-Author: teor
+Author: teor, Nick Mathewson
Created: 28-January-2020
Status: Draft
Ticket: #33073
@@ -131,8 +131,18 @@ Ticket: #33073
* Reliable is better than Unreliable.
Within these constraints, we try to find the simplest working design.
- Therefore, we propose that tor tries to find relay IPv4 and IPv6 addresses
- in this order:
+ If a relay is given the wrong address by an attacker, the attacker can
+ direct all inbound relay traffic to their own address. They can't decrypt
+ the traffic without the relay's private keys, but they can monitor traffic
+ patterns.
+
+ Therefore, we only use untrusted address discovery methods, if every other
+ method has failed. Any method that uses DNS is potentially untrusted,
+ because DNS is often a remote, unauthenticated service. And addresses
+ provided by other directory servers are also untrusted.
+
+ Based on these principles, we propose that tor tries to find relay IPv4 and
+ IPv6 addresses in this order:
1. the Address torrc option
2. the advertised ORPort address
3. the advertised DirPort address (IPv4 only; relays, not bridges)
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits