#33129: Tor node that is not part of the consensus should not be used as rendezvous point with the onion service ----------------------------+----------------------------------- Reporter: cypherpunks | Owner: (none) Type: defect | Status: needs_information Priority: Very High | Milestone: Component: Core Tor | Version: Severity: Critical | Resolution: Keywords: onion services | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ----------------------------+----------------------------------- Changes (by asn):
* status: new => needs_information Comment: The reason we dont require RPs to be part of the consensus, is that there is no global consensus, and clients and service can have a different one at any given time. This will cause desynch issues where the service will be rejecting rendezvous requests because they cant find the node on the consensus. In theory we could fix this by having the client pass a list of rendezvous to the service, but not sure if this is worth it given the limited improvements that this will bring to the overall attack (#24487). Even if we required that the RP is in the consensus, the attacker can just make a bunch of relays in those IPs, get them in the consensus and then perform the attack properly. Hence, I dont see the suggested defence being such a big improvement here. If I'm wrong please correct me. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33129#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs