#26928: Taint untrusted link authentication keys ------------------------------+------------------------------ Reporter: teor | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Tor: unspecified Component: Core Tor/Tor | Version: Severity: Normal | Keywords: tor-hs Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ------------------------------+------------------------------ We should taint untrusted link auth keys, and then downgrade connections using tainted keys to protocol warnings.
Link auth keys from the following sources are trusted: * hard-coded authorities * the consensus signed by hard-coded authorities Link auth keys from the following sources are untrusted: * hardcoded fallback dirs, because relay keys change over time * our state file (if not confirmed in the consensus), because relay keys change over time * onion service descriptors, because they come from untrusted services * onion service introduce cells, because they come from untrusted clients Split off #26924. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26928> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs