diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-05-06 20:40:40 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-05-06 20:40:40 -0400 |
| commit | 5cea500ce75116abe4deb46d759f5ac1048dd4cc (patch) | |
| tree | 4fcdffd80c17c0e322e0c7e40bedbbcb71b32e99 /changes | |
| parent | ed0e2ecaa797696b88a388e4f82091d6aa7461a6 (diff) | |
| parent | 52416f8cfb8bc28207c05d83f50ed878ae358998 (diff) | |
| download | tor-5cea500ce75116abe4deb46d759f5ac1048dd4cc.tar tor-5cea500ce75116abe4deb46d759f5ac1048dd4cc.tar.gz | |
Merge branch 'bug11743_option_b'
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug11743 | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/changes/bug11743 b/changes/bug11743 new file mode 100644 index 000000000..89e4bbc2b --- /dev/null +++ b/changes/bug11743 @@ -0,0 +1,15 @@ + o Major security fixes (directory authorities): + + - Directory authorities now include a digest of each relay's + identity key as a part of its microdescriptor. + + This is a workaround for bug #11743, where Tor clients do not + support receiving multiple microdescriptors with the same SHA256 + digest in the same consensus. When clients receive a consensus + like this, they only use one of the relays. Without this fix, a + hostile relay could selectively disable client use of target + relays by constucting a router descriptor with a different + identity and the same microdescriptor parameters and getting the + authorities to list it in a microdescriptor consensus. This fix + prevents an attacker from causing a microdescriptor collision, + because the router's identity is not forgeable. |