[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Proposal #349: Command state validation (for dropmark attacks)
We've merged a draft of Proposal #349 to torspec:
https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/349-command-state-validation.md
Also available on the tor spec site at:
https://spec.torproject.org/proposals/349-command-state-validation.html
This proposal is meant to deal with the third class of highly severe
protocol side channels in tor: Dropped Cells. See Prop #344 for background:
https://spec.torproject.org/proposals/344-protocol-info-leaks.html
Note that there still are some details that need to be ironed out wrt
how and when to perform checks that depend upon full parsing and
protocol context, as opposed to just relay message command.
This work is part of Sponsor 112; arti-client support is due by EOY 2024.
C-Tor will not implement this proposal.
--
Mike Perry
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev