[or-cvs] r9635: Clarify rules about certificates on incoming connections. Do (in tor/trunk: . doc/spec)
nickm at seul.org
nickm at seul.org
Sat Feb 24 07:54:49 UTC 2007
Author: nickm
Date: 2007-02-24 02:54:47 -0500 (Sat, 24 Feb 2007)
New Revision: 9635
Modified:
tor/trunk/
tor/trunk/doc/spec/tor-spec.txt
Log:
r11911 at catbus: nickm | 2007-02-24 02:51:37 -0500
Clarify rules about certificates on incoming connections. Does it make more sense now?
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11911] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/doc/spec/tor-spec.txt
===================================================================
--- tor/trunk/doc/spec/tor-spec.txt 2007-02-24 07:50:38 UTC (rev 9634)
+++ tor/trunk/doc/spec/tor-spec.txt 2007-02-24 07:54:47 UTC (rev 9635)
@@ -174,13 +174,12 @@
EXTEND cell, the expected identity key is the one given in the cell.) If
the key is not as expected, the party must close the connection.
- All parties SHOULD reject connections to or from ORs that have malformed
- or missing certificates.
- [XXX How can we recognize that it's an OR if it's an incoming connection
- with malformed/missing certs? Should we change the above to just "to
- ORs"? -RD]
- ORs SHOULD NOT reject incoming connections from OPs with malformed
- or missing certificates.
+ When connecting to an OR, all parties SHOULD reject the connection if that
+ OR has a malformed or missing certificate. When accepting an incoming
+ connection, an OR SHOULD NOT reject incoming connections from parties with
+ malformed or missing certificates. (However, an OR should not believe
+ that an incoming connection is from another OR unless the certificates
+ are present and well-formed.)
[Before version 0.1.2.8-rc, ORs rejected incoming connections from ORs and
OPs alike if their certificates were missing or malformed.]
More information about the tor-commits
mailing list