Re: [tor-bugs] #25870 [Core Tor/Tor]: Fix vanguard restrictions
#25870: Fix vanguard restrictions
--------------------------+------------------------------------
Reporter: mikeperry | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #25546 | Points:
Reviewer: asn | Sponsor:
--------------------------+------------------------------------
Comment (by mikeperry):
Replying to [comment:6 asn]:
> OK, the explanation above makes sense but it's also quite complicated.
> I'm gonna try to write some unittests and see if I can get a bit more
> confidence.
>
> Another design-level question: Why are we doing this change just for
> vanguard circuits and not for all circuits? Is it because we only aim to
> protect against guard-discovery attacks like #14917 only in vanguard
> circuits? Or because vanguard-circuits are naturally not 3-hops and so
> it's easier to block A - B - A type circs? Or something else?
I decided to do the first commit because it is a simple way to prevent the
adversary from being able to influence your guard choice without
completely changing how we build paths. I only did it for vanguards
because we did not agree on a solution for how we want to handle
restrictions in the general case. And also yes, with vanguards it does not
create any degenerate conditions that induce warnings, but it would with
normal circuits.

I decided to do the second commit because the HSLayerN options will
generate warnings on relays as-is. I originally removed all restrictions
for vanguard circuits because of issues discovered during testing of
#13837 and #24487. With two entry guards and this patch (which we can also
do easily with vanguards), #24487 no longer leaks information to later
layers, and the HSLayerN options will no longer cause warnings.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25870#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online