[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [or-cvs] make connection_tls_finish_handshake() more plausible.

To: or-dev@freehaven.net
Subject: Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
From: Paul Syverson <syverson@itd.nrl.navy.mil>
Date: Wed, 21 Jul 2004 08:15:16 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Wed, 21 Jul 2004 08:15:35 -0400
In-reply-to: <20040721021455.I22566@moria.mit.edu>
References: <20040721022516.5F6F833C19@moria.seul.org> <20040721033212.GA23781@itd.nrl.navy.mil> <20040721021455.I22566@moria.mit.edu>
Reply-to: or-dev@freehaven.net
Sender: owner-or-dev@freehaven.net
User-agent: Mutt/1.4.1i

On Wed, Jul 21, 2004 at 02:14:55AM -0400, Roger Dingledine wrote:
> [ For context, the cvs commit message is here:
> http://archives.seul.org/or/cvs/Jul-2004/msg00087.html ]
> 
> On Tue, Jul 20, 2004 at 11:32:12PM -0400, Paul Syverson wrote:
> > If we're going to accept connections from unknown routers, then
> > there should probably be a policy choice setting for that, possibly
> > a bound on how many rather than just a yes/no. Yes? No?
> 
> Is accepting connections from unknown routers a security risk? We still
> choose paths the same way we did before (that is, from the list of
> verified routers in one of the directories).
> 
> The only changes here are:
> 
> - OPs can now provide an SSL certificate (signed by some identity key)
> when they're doing the TLS handshake with you, and you won't freak out
> and hang up on them.
> - If somebody happens to send you an extend cell that asks you to extend
> to this identity key, then you'll notice you're already connected,
> so you won't have to launch a new connection.
> 
> So I think this particular change is safe enough.
> 

I guess I was thinking about resource depletion either by design or
accident and maybe related things.  Obviously there are potential
anonymity advantages if an OR can't be sure whether it is dealing with
a client or a relay node, but like everything else, this is a
two-edged sword. More significantly, with this change (automatic and
without a policy setting), someone who thinks he is running just an
intermediate node (accepting only local connections to other ORs or
relaying between other ORs in the directory) can find himself
effectively running an entrance node for others.  Maybe he doesn't
want to do that.

-Paul

Follow-Ups:
- Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
  - From: Roger Dingledine <arma@mit.edu>

References:
- Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
  - From: Paul Syverson <syverson@itd.nrl.navy.mil>
- Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
  - From: Roger Dingledine <arma@mit.edu>

Prev by Author: Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
Next by Author: Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
Previous by thread: Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
Next by thread: Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
Index(es):
- Author
- Thread