Commit 892846eb authored by Philipp Winter's avatar Philipp Winter
Browse files

Elaborate on server's behaviour.

In particular, discuss strategies which servers should implement if clients
cannot authenticate.  Otherwise, malicious clients could run computation-based
or memory-based denial-of-service attacks.  This problem was reported by
Yawning Angel.

This should fix <https://bugs.torproject.org/11092>.
parent b7397b9b
Loading
Loading
Loading
Loading
+7 −4
Original line number Original line Diff line number Diff line
@@ -35,10 +35,13 @@
    secret should thwart active probing attacks.
    secret should thwart active probing attacks.


    As stated in the research paper [1], a server only replies to a client if
    As stated in the research paper [1], a server only replies to a client if
    the client can prove knowledge of the shared secret.  If a client sends
    the client can prove knowledge of the shared secret.  As long as clients
    data which lacks this knowledge, the server MUST NOT reply.  It MAY
    cannot prove knowledge of the shared secret, servers MUST NOT reply.  If
    terminate the connection if the client could not prove knowledge of the
    authentication did not succeed after 1532 bytes have been received, the
    shared secret after a timeout has passed.
    server SHOULD stop processing incoming data to prevent denial-of-service
    attacks.  The server MAY close the TCP connection.  Alternatively, the
    server MAY proceed to accept data but it SHOULD stop buffering or
    processing the data, thus effectively ignoring the client.


2.1 UniformDH Handshake
2.1 UniformDH Handshake