mirror of
https://github.com/torproject/torspec.git
synced 2024-11-23 09:49:45 +00:00
46 lines
1.6 KiB
Plaintext
46 lines
1.6 KiB
Plaintext
Filename: 149-using-netinfo-data.txt
|
|
Title: Using data from NETINFO cells
|
|
Author: Nick Mathewson
|
|
Created: 2-Jul-2008
|
|
Status: Superseded
|
|
Target: 0.2.1.x
|
|
|
|
[Partially done: we do the anti-MITM part. Not entirely done: we don't do
|
|
the time part.]
|
|
|
|
Overview
|
|
|
|
Current Tor versions send signed IP and timestamp information in
|
|
NETINFO cells, but don't use them to their fullest. This proposal
|
|
describes how they should start using this info in 0.2.1.x.
|
|
|
|
Motivation
|
|
|
|
Our directory system relies on clients and routers having
|
|
reasonably accurate clocks to detect replayed directory info, and
|
|
to set accurate timestamps on directory info they publish
|
|
themselves. NETINFO cells contain timestamps.
|
|
|
|
Also, the directory system relies on routers having a reasonable
|
|
idea of their own IP addresses, so they can publish correct
|
|
descriptors. This is also in NETINFO cells.
|
|
|
|
Learning the time and IP address
|
|
|
|
We need to think about attackers here. Just because a router tells
|
|
us that we have a given IP or a given clock skew doesn't mean that
|
|
it's true. We believe this information only if we've heard it from
|
|
a majority of the routers we've connected to recently, including at
|
|
least 3 routers. Routers only believe this information if the
|
|
majority includes at least one authority.
|
|
|
|
Avoiding MITM attacks
|
|
|
|
Current Tors use the IP addresses published in the other router's
|
|
NETINFO cells to see whether the connection is "canonical". Right
|
|
now, we prefer to extend circuits over "canonical" connections. In
|
|
0.2.1.x, we should refuse to extend circuits over non-canonical
|
|
connections without first trying to build a canonical one.
|
|
|
|
|