[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24509 [Core Tor/Tor]: circuit_can_use_tap() should only allow TAP for v2 onion services

#24509: circuit_can_use_tap() should only allow TAP for v2 onion services
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  dgoulet
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.2.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  prop224, tor-hs, security-low,       |  Actual Points:
  easy, intro                                    |
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  needs_information => needs_revision


Comment:

 Replying to [comment:10 dgoulet]:
 > I was working on this and I started to wonder here why isn't the purpose
 + the presence of a TAP onion key in the extend_info_t object not enough
 to rule out v2 HS?

 This check is a defence in depth mechanism.

 > As an example, HSv3 never sets a TAP onion key so it can simply never
 hit true there. Is the goal to have an _explicit_ flag that identifies the
 circuits HS version? Tbh, just to have that, it requires quite a bit of
 gymnastic and added flags for some gain I'm not sure I understand?

 It makes sure that our v3 code never uses TAP.
 And that our v2 code only uses TAP for two specific purposes: client
 intro, and service rend.

 These checks make it easier to get rid of TAP, because we know we're not
 accidentally using it for anything else. And they make sure we can't be
 *tricked* into using it for anything else, if there are bugs in our code.

 > A straight forward way would be to add a flag to the `extend_info_t` so
 the v2 and v3 subsystem can put the right version in there. But how is
 that different from "setting a TAP key" and "not setting a tap key" ?

 If there are bugs in our code, it is different.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24509#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs