[tor-bugs] #28275 [Core Tor/Tor]: hs-v3: Rotate intro points and close RP circuits when removing client auth service side
#28275: hs-v3: Rotate intro points and close RP circuits when removing client auth
service side
------------------------------+--------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: Very High | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.5.1-alpha
Severity: Normal | Keywords: security, tor-hs
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
On the service side (only), when a client authorization is removed and
then tor is HUPed, right now the service notices that and re-uploads a new
descriptor containing that new auth.
However, the intro points are most likely kept as is (if no normal rotation
happened during re-build) which means that a revoked client can still
access the service with their cached descriptor because the intro points
are still valid...
Furthermore, the RP circuits for that client aren't closed.
Security-wise, that is not ideal to have a "not really revoked client" ;).
Fortunately, this only applies to 0.3.5.1-alpha and onward, so no need for a
TROVE.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28275>