#22805: Remove or_circuit_t.is_first_hop, because it's not accurate any more -------------------------------------------------+------------------------- Reporter: teor | Owner: nickm Type: defect | Status: | needs_review Priority: Medium | Milestone: Tor: | 0.3.2.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: technical-debt, security-review, | Actual Points: .3 review-group-23 | Parent ID: | Points: 1 Reviewer: asn | Sponsor: -------------------------------------------------+------------------------- Changes (by nickm):
* status: needs_revision => needs_review Comment: Replying to [comment:14 teor]: > I think we can take out all the code that deals with CREATE_FAST, including the code around `cfe6b444d652464b0b6bb18b4a4a24b0cfb0da81` I've updated bug22805_v2 with this change. > and just check for a non-zero identity digest. Hm; that's a bigger change than we'd been talking about here; I think I should open another ticket to change it in 0.3.3. Would that be okay with you? > If a connecting peer has a zero identity digest, it's a client/bridge, if it doesn't, it's a relay. (A listening peer is always a relay. Interestingly, bridges look like relays to clients, but look like clients to public relays.) > > If a connecting peer uses CREATE_FAST, it might be an old client, or a bootstrapping client, or a bootstrapping relay (on 0.2.9 and later). > But I'm unsure what happens after the initial circuit, when a bootstrapping relay `A` uses CREATE_FAST to `B`. > > Does `A` authenticate to the listening relay `B` once `A` has a consensus? > > Or, if `A` has authenticated `B`, but `B` never authenticated `A`: > * does `A` discard its early connection to `B`? > * does `A` use its early connections for client extends to `B`, but `B` doesn't use that connection for client extends to `A`? So, authentication decisions aren't made as part of the CREATE/CREATE2/CREATE_FAST layer: they all happen as part of the connection layer. Relays ''always'' offer authentication, and they don't need a consensus to do so. So if two relays are talking, then in theory they should always do so in an authenticated way. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22805#comment:16> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs