[tor-bugs] #33129 [Core Tor]: Tor node that is not part of the consensus should not be used as rendezvous point with the onion service

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 3 12:54:20 UTC 2020


#33129: Tor node that is not part of the consensus should not be used as rendezvous
point with the onion service
----------------------------+-----------------------------------
 Reporter:  cypherpunks     |          Owner:  (none)
     Type:  defect          |         Status:  needs_information
 Priority:  Very High       |      Milestone:
Component:  Core Tor        |        Version:
 Severity:  Critical        |     Resolution:
 Keywords:  onion services  |  Actual Points:
Parent ID:                  |         Points:
 Reviewer:                  |        Sponsor:
----------------------------+-----------------------------------
Changes (by asn):

 * status:  new => needs_information


Comment:

 The reason we don't require RPs to be part of the consensus is that there
 is no global consensus, and clients and service can have a different one
 at any given time. This will cause desynch issues where the service will
 be rejecting rendezvous requests because they can't find the node on the
 consensus. In theory we could fix this by having the client pass a list of
 rendezvous to the service, but not sure if this is worth it given the
 limited improvements that this will bring to the overall attack (#24487).

 Even if we required that the RP is in the consensus, the attacker can just
 make a bunch of relays in those IPs, get them in the consensus and then
 perform the attack properly. Hence, I don't see the suggested defence being
 such a big improvement here.

 If I'm wrong please correct me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33129#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

