doc/spec/proposals/000-index.txt +1 −1 Original line number Diff line number Diff line Loading @@ -24,5 +24,5 @@ Proposals by number: 103 Splitting identity key from regularly used signing key [OPEN] 104 Long and Short Router Descriptors [OPEN] 105 Version negotiation for the Tor protocol [OPEN] 106 Checking fewer things during TLS handshakes [FINISHED] 106 Checking fewer things during TLS handshakes [CLOSED]
doc/spec/proposals/106-less-tls-constraint.txt +33 −33 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ Version: $Revision: 12105 $ Last-Modified: $Date: 2007-01-30T07:50:01.643717Z $ Author: Nick Mathewson Created: Status: Finished Status: Closed Overview: Loading Loading @@ -76,9 +76,9 @@ a client and don't treat them as a server. great. -rd] REMAINING WAYS TO RECOGNIZE CLIENT->SERVER CONNECTIONS: Assuming that we removed the above requirements, we could then (in a later release) have clients not send certificates, and sometimes and started making our DNs a little less formulaic, client->server OR connections would still be recognizable by: release) have clients not send certificates, and sometimes and started making our DNs a little less formulaic, client->server OR connections would still be recognizable by: having a two-certificate chain sent by the server using a particular set of ciphersuites traffic patterns Loading
doc/spec/tor-spec.txt +7 −4 Original line number Diff line number Diff line Loading @@ -149,7 +149,7 @@ see tor-design.pdf. support any suite without ephemeral keys, symmetric keys of at least KEY_LEN bits, and digests of at least HASH_LEN bits. Even though the connection protocol is identical, we think of the Even though the connection protocol is identical, we will think of the initiator as either an onion router (OR) if it is willing to relay traffic for other Tor users, or an onion proxy (OP) if it only handles local requests. Onion proxies SHOULD NOT provide long-term-trackable Loading @@ -175,8 +175,11 @@ see tor-design.pdf. the key is not as expected, the party must close the connection. All parties SHOULD reject connections to or from ORs that have malformed or missing certificates. ORs MAY accept or reject connections from OPs with malformed or missing certificates. or missing certificates. ORs SHOULD NOT reject incoming connections from OPs with malformed or missing certificates. [Before version 0.1.2.8-rc, ORs rejected incoming connections from ORs and OPs alike if their certificates were missing or malformed.] Once a TLS connection is established, the two sides send cells (specified below) to one another. Cells are sent serially. All Loading Loading @@ -286,7 +289,7 @@ see tor-design.pdf. The CircID for a CREATE cell is an arbitrarily chosen 2-byte integer, selected by the node (OP or OR) that sends the CREATE cell. To prevent CircID collisions, when one OR sends a CREATE cell to another, it chooses CircID collisions, when one OR sends a CREATE cell to another OR, it chooses from only one half of the possible values based on the ORs' public identity keys: if the sending OR has a lower key, it chooses a CircID with an MSB of 0; otherwise, it chooses a CircID with an MSB of 1. Loading
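Review bot: In doc/spec/proposals/106-less-tls-constraint.txt, hunk @@ -4,7, the header still has an empty "Created:" field directly above the Status line being changed. Since this edit marks the proposal Closed, fill in the creation date in the same change so the closed proposal carries a complete header.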
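Review bot: In doc/spec/proposals/106-less-tls-constraint.txt, hunk @@ -76,9, the removed and added lines carry the same words, so this reads as a whitespace or re-wrap change, and the sentence it touches is still broken: "have clients not send certificates, and sometimes and started making our DNs a little less formulaic". Repair the wording while these lines are being rewritten (the stray "and sometimes" needs the author to say what was meant, and "started" should match the tense of "have clients not send"), and consider keeping whitespace-only changes in a separate commit from the status change so the substantive edits are easy to find.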
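Review bot: In doc/spec/tor-spec.txt, hunk @@ -149,7, "we will think of the initiator as either an onion router (OR) ... or an onion proxy (OP)" turns a definition of terms into a statement about the future. The sentence defines how the rest of the spec uses OR and OP, so the original present tense "we think of" is the clearer wording; I would drop this change or say why the future tense is wanted.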
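Review bot: In doc/spec/tor-spec.txt, hunk @@ -175,8, the new "ORs SHOULD NOT reject incoming connections from OPs with malformed or missing certificates" sits directly after "All parties SHOULD reject connections to or from ORs that have malformed or missing certificates", and nothing here says how a responder tells the two cases apart when the certificate that would identify the peer is the thing that is missing or malformed. The @@ -149,7 context states that the connection protocol is identical for OPs and ORs, so spell out the rule at this point, for example that an initiator without a valid certificate is handled as an OP and never as an OR, which is what the proposal 106 context line ("a client and don't treat them as a server") suggests. It would also help to say which direction the first SHOULD covers, so the two sentences cannot be read as conflicting for incoming connections.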