#19163: Maybe RSOS single-hop circuits should always have ntor ---------------------------------------------+----------------------------- Reporter: teor | Owner: teor Type: defect | Status: Priority: Medium | needs_review Component: Core Tor/Tor | Milestone: Tor: Severity: Normal | 0.2.9.x-final Keywords: rsos, tor-hs, TorCoreTeam201607 | Version: Parent ID: | Resolution: Reviewer: | Actual Points: 5 | Points: 1.0 | Sponsor: ---------------------------------------------+----------------------------- Changes (by teor):
* status: needs_revision => needs_review * actualpoints: 3 => 5 Comment: Please see my branch reject-tap-v3-rebased on https://github.com/teor2345/tor.git I am happy to take reviews through gitlab at https://gitlab.com/teor/tor/merge_requests/1/diffs It makes the following changes: - Relays make sure their own descriptor has an ntor key. - Authorites no longer trust the version a relay claims (if any), instead, they check specifically for an ntor key. - Clients avoid downloading a descriptor if the relay version is too old to support ntor. - Client code never chooses nodes without ntor keys: they will not be selected during circuit-building, or as guards, or as directory mirrors, or as introduction or rendezvous points. - Circuit-building code assumes that all hops can use ntor, except for rare hidden service protocol cases. - Clients opportunistically upgrade to intro point ntor onion keys in relay descriptors. If they do not have a relay descriptor, they fall back to using the intro point TAP onion key in the hidden service descriptor. - Hidden services opportunistically upgrade to rend point ntor onion keys in relay descriptors. If they do not have a relay descriptor, they fall back to using the rend point TAP onion key in the INTRODUCE cell. Other tickets: There's a single onion service stub function in this code that will conflict with #17178, whichever is merged later will have to delete it, or get a compile error. (And it says so in the function comment.) I split off #19649, because there's no ntor onion key link specifier. This changes some code that's related to hidden service reachability (#17945, #19662, and #19663). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19163#comment:8> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs