[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3890 [Tor bundles/installation]: Applications should start using optimistic data
#3890: Applications should start using optimistic data
--------------------------------------+-------------------------------------
Reporter: nickm | Owner: erinn
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent: #5456
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Changes (by mikeperry):
* priority: normal => major
* cc: rransom, arma (added)
* parent: => #5456
Comment:
While staring at my circuit window fretting about #5456, I realized that
the Tor client behavior of retrying stream stages prior to RELAY_CONNECTED
allows an active exit node attacker to embed an arbitrarily long timing
signature transparently during stream setup. Because this phase is still
transparent to the user, the circuit still can be closed at this step if
the timing signature is not detected on a colluding malicious guard,
allowing for resource amplification. It's not as much amplification as
tagging via cipher malleability, because you don't get to do it at both
ends, but it's still amplification.
But if we deploy optimistic data, we remove the amplification property
because if the stream does not succeed in that first round trip, the app
will actually experience failure instead of the Tor client transparently
retrying until a signature can be added.
So it turns out this performance feature is actually a security
improvement as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3890#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs