[tor-bugs] #22862 [Core Tor/Tor]: tor-spec doesn't say how clients authenticate authorities or fallback directories

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 9 07:35:40 UTC 2017 

#22862: tor-spec doesn't say how clients authenticate authorities or fallback
directories
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:  Tor: unspecified
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  0.2
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Old description:

> {{{
>      In all handshake variants, once all certificates are exchanged, all
>      parties receiving certificates must confirm that the identity key is
> as
>      expected.  (When initiating a connection, the expected identity key
> is
> -    the one given in the directory; when creating a connection because
> of an
> +    during bootstrap: the one given in the hard-coded authority or
> fallback list,
> +    after bootstrap: the one in the directory; when creating a
> connection because of an
>      EXTEND cell, the expected identity key is the one given in the
> cell.)  If
>      the key is not as expected, the party must close the connection.
> }}}

New description:

 {{{
      In all handshake variants, once all certificates are exchanged, all
      parties receiving certificates must confirm that the identity key is
 as
      expected.  (When initiating a connection, the expected identity key
 is
 -    the one given in the directory; when creating a connection because of
 an
 +    when no reasonably live consensus is available: the one given in the
 hard-coded authority or fallback list;
 +    or otherwise, the one in the directory; when creating a connection
 because of an
      EXTEND cell, the expected identity key is the one given in the cell.)
 If
      the key is not as expected, the party must close the connection.
 }}}

--

Comment (by teor):

 Let's be more precise

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22862#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list