[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [or-cvs] make connection_tls_finish_handshake() more plausible.
On Wed, Jul 21, 2004 at 02:14:55AM -0400, Roger Dingledine wrote:
| [ For context, the cvs commit message is here:
| http://archives.seul.org/or/cvs/Jul-2004/msg00087.html ]
|
| On Tue, Jul 20, 2004 at 11:32:12PM -0400, Paul Syverson wrote:
| > If we're going to accept connections from unknown routers, then
| > there should probably be a policy choice setting for that, possibly
| > a bound on how many rather than just a yes/no. Yes? No?
|
| Is accepting connections from unknown routers a security risk? We still
| choose paths the same way we did before (that is, from the list of
| verified routers in one of the directories).
It seems to me that it may open a DOS risk, where a client can send
messages that claim to be starting a SSL session, and then require an
assymetric amount of work from the router.
Adam