#22688: Make sure HSDir3s never know service, client, or bridge IP addresses -------------------------------------------------+------------------------- Reporter: teor | Owner: Type: defect | Status: | needs_review Priority: Medium | Milestone: Tor: | 0.3.1.x-final Component: Core Tor/Tor | Version: Tor: | unspecified Severity: Normal | Resolution: Keywords: prop224, relay-safety, | Actual Points: 0.3 031-backport, maybe-030-backport-with-21406 | Parent ID: | Points: 0.3 Reviewer: | Sponsor: -------------------------------------------------+------------------------- Changes (by teor):
* status: new => needs_review * keywords: prop224, relay-safety, 031-backport, no-030-backport => prop224, relay-safety, 031-backport, maybe-030-backport-with-21406 * actualpoints: 0.2 => 0.3 * points: 0.2 => 0.3 Comment: Please see my branch bug22688-031 on github. If we want to backport it to 0.3.0, we also need to backport the channel_is_client fix in #21406, which was merged in 0.3.1.1-alpha. This compiles, but can't actually test this, so dgoulet or asn will need to check it against their working HSv3 service and client code. This breaks the direct descriptor downloads tor2web used to do in HSv2, see #20104. But we don't plan on tor2web in HSv3, so that's ok. (And if we do, this is something we should fix.) (This patch doesn't check if the circuit is from a relay, that check would be redundant.) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22688#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs