149-using-netinfo-data.txt 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344
  1. Filename: 149-using-netinfo-data.txt
  2. Title: Using data from NETINFO cells
  3. Version: $Revision$
  4. Last-Modified: $Date$
  5. Author: Nick Mathewson
  6. Created: 2-Jul-2008
  7. Status: Open
  8. Target: 0.2.1.x
  9. Overview
  10. Current Tor versions send signed IP and timestamp information in
  11. NETINFO cells, but don't use them to their fullest. This proposal
  12. describes how they should start using this info in 0.2.1.x.
  13. Motivation
  14. Our directory system relies on clients and routers having
  15. reasonably accurate clocks to detect replayed directory info, and
  16. to set accurate timestamps on directory info they publish
  17. themselves. NETINFO cells contain timestamps.
  18. Also, the directory system relies on routers having a reasonable
  19. idea of their own IP addresses, so they can publish correct
  20. descriptors. This is also in NETINFO cells.
  21. Learning the time and IP
  22. We need to think about attackers here. Just because a router tells
  23. us that we have a given IP or a given clock skew doesn't mean that
  24. it's true. We believe this information only if we've heard it from
  25. a majority of the routers we've connected to recently, including at
  26. least 3 routers. Routers only believe this information if the
  27. majority inclues at least one authority.
  28. Avoiding MITM attacks
  29. Current Tors use the IP addresses published in the other router's
  30. NETINFO cells to see whether the connection is "canonical". Right
  31. now, we prefer to extend circuits over "canonical" connections. In
  32. 0.2.1.x, we should refuse to extend circuits over non-canonical
  33. connections without first trying to build a canonical one.