Loading doc/spec/proposals/106-less-tls-constraint.txt +8 −4 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ Version: $Revision: 12105 $ Last-Modified: $Date: 2007-01-30T07:50:01.643717Z $ Author: Nick Mathewson Created: Status: Open Status: Accepted Overview: Loading Loading @@ -71,6 +71,7 @@ a client and don't treat them as a server. great. -rd] there's really no harm in letting every router have any commonName it wants. [this is the better choice -rd] [agreed. -nm] REMAINING WAYS TO RECOGNIZE CLIENT->SERVER CONNECTIONS: Loading @@ -91,8 +92,8 @@ If we stop verifying the above requirements: server running TLS, and believe that you're talking to a Tor server (until you send the first cell). It will be far easier for non-Tor SSL clients to accidentally to Tor servers and speak HTTPS or whatever to them. It will be far easier for non-Tor SSL clients to accidentally connect to Tor servers and speak HTTPS or whatever to them. If, in a later release, we have clients not send certificates, and we make DNs less recognizable: Loading @@ -104,5 +105,8 @@ DNs less recognizable: If clients don't send certs, they look slightly less like servers. OTHER SPEC CHANGES: When a client doesn't give us an identity, we should never extend any circuits to it (duh), and we should allow it to set circuit ID however it wants. Loading
doc/spec/proposals/106-less-tls-constraint.txt +8 −4 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ Version: $Revision: 12105 $ Last-Modified: $Date: 2007-01-30T07:50:01.643717Z $ Author: Nick Mathewson Created: Status: Open Status: Accepted Overview: Loading Loading @@ -71,6 +71,7 @@ a client and don't treat them as a server. great. -rd] there's really no harm in letting every router have any commonName it wants. [this is the better choice -rd] [agreed. -nm] REMAINING WAYS TO RECOGNIZE CLIENT->SERVER CONNECTIONS: Loading @@ -91,8 +92,8 @@ If we stop verifying the above requirements: server running TLS, and believe that you're talking to a Tor server (until you send the first cell). It will be far easier for non-Tor SSL clients to accidentally to Tor servers and speak HTTPS or whatever to them. It will be far easier for non-Tor SSL clients to accidentally connect to Tor servers and speak HTTPS or whatever to them. If, in a later release, we have clients not send certificates, and we make DNs less recognizable: Loading @@ -104,5 +105,8 @@ DNs less recognizable: If clients don't send certs, they look slightly less like servers. OTHER SPEC CHANGES: When a client doesn't give us an identity, we should never extend any circuits to it (duh), and we should allow it to set circuit ID however it wants.
