Commit 715a5835 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

rename HELLO cells to VERSIONS cells.


svn:r7051
parent c2c88715
......@@ -235,7 +235,7 @@ when do we rotate which keys (tls, link, etc)?
4 -- DESTROY (Stop using a circuit) (See Sec 5.4)
5 -- CREATE_FAST (Create a circuit, no PK) (See Sec 5.1)
6 -- CREATED_FAST (Circuit created, no PK) (See Sec 5.1)
7 -- HELLO (Negotiate versions) (See Sec 4.1)
7 -- VERSIONS (Negotiate versions) (See Sec 4.1)
8 -- NETINFO (Time and MITM-prevention) (See Sec 4.2)
The interpretation of 'Payload' depends on the type of the cell.
......@@ -261,7 +261,7 @@ when do we rotate which keys (tls, link, etc)?
RELAY cells are used to send commands and data along a circuit; see
section 5 below.
HELLO cells are used to introduce parameters and characteristics of
VERSIONS cells are used to introduce parameters and characteristics of
Tor clients and servers when connections are established.
4, Connection management
......@@ -269,10 +269,10 @@ when do we rotate which keys (tls, link, etc)?
Upon establishing a TLS connection, both parties immediately begin
negotiating a connection protocol version and other connection parameters.
4.1. HELLO cells
4.1. VERSIONS cells
When a Tor connection is established, both parties normally send a HELLO
cell before sending any other cells. (But see below.)
When a Tor connection is established, both parties normally send a
VERSIONS cell before sending any other cells. (But see below.)
NumVersions [1 byte]
Versions [NumVersions bytes]
......@@ -282,19 +282,20 @@ when do we rotate which keys (tls, link, etc)?
are able and willing to support. Parties can only communicate if they
have some connection protocol version in common.
Version 0.1.2.0-alpha and earlier don't understand HELLO cells, and
therefore don't support version negotiation. Thus, waiting until
the other side has sent a HELLO cell won't work for these servers: if they
send no cells back, it is impossible to tell whether they have sent a
HELLO cell that has been stalled, or whether they have dropped our own
HELLO cell as unrecognized. Thus, immediately after a TLS connection has
been established, the parties check whether the other side has an obsolete
certificate (organizationName equal to "Tor" or "TOR"). If the other party
presented an obsolete certificate, we assume a v0 connection. Otherwise,
both parties send HELLO cells listing all their supported versions. Upon
receiving the other party's HELLO cell, the implementation begins using
the highest-valued version common to both cells. If the first cell from
the other party is _not_ a HELLO cell, we assume a v0 protocol.
Version 0.1.2.0-alpha and earlier don't understand VERSIONS cells,
and therefore don't support version negotiation. Thus, waiting until
the other side has sent a VERSIONS cell won't work for these servers:
if they send no cells back, it is impossible to tell whether they
have sent a VERSIONS cell that has been stalled, or whether they have
dropped our own VERSIONS cell as unrecognized. Thus, immediately after
a TLS connection has been established, the parties check whether the
other side has an obsolete certificate (organizationName equal to "Tor"
or "TOR"). If the other party presented an obsolete certificate,
we assume a v0 connection. Otherwise, both parties send VERSIONS
cells listing all their supported versions. Upon receiving the
other party's VERSIONS cell, the implementation begins using the
highest-valued version common to both cells. If the first cell from
the other party is _not_ a VERSIONS cell, we assume a v0 protocol.
Implementations MUST discard cells that are not the first cells sent on a
connection.
......@@ -316,13 +317,13 @@ when do we rotate which keys (tls, link, etc)?
administrator.
Each address contains Type/Length/Value as used in Section 6.4. The first
address is the address of the interface the party sending the HELLO cell
address is the address of the interface the party sending the VERSIONS cell
used to connect to or accept connections from the other -- we include it
to block a man-in-the-middle attack on TLS that lets an attacker bounce
traffic through his own computers to enable timing and packet-counting
attacks.
The second address is the one that the party sending the HELLO cell
The second address is the one that the party sending the VERSIONS cell
believes the other has -- it can be used to learn what your IP address
is if you have no other hints.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment