Re: [or-cvs] make connection_tls_finish_handshake() more plausible.



On Wed, Jul 21, 2004 at 02:14:55AM -0400, Roger Dingledine wrote:
| [ For context, the cvs commit message is here:
| http://archives.seul.org/or/cvs/Jul-2004/msg00087.html ]
| 
| On Tue, Jul 20, 2004 at 11:32:12PM -0400, Paul Syverson wrote:
| > If we're going to accept connections from unknown routers, then
| > there should probably be a policy choice setting for that, possibly
| > a bound on how many rather than just a yes/no. Yes? No?
| 
| Is accepting connections from unknown routers a security risk? We still
| choose paths the same way we did before (that is, from the list of
| verified routers in one of the directories).

It seems to me that it may open a DOS risk, where a client can send
messages that claim to be starting an SSL session, and then require an
asymmetric amount of work from the router.

Adam