Commit d2bdea61 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Describe actual use of NETINFO fields 

Instead of saying the clock skew and "your address" fields are
unused, describe the dangers of using them as unconditionally
trusted.
parent 0951a931

tor-spec.txt

+5 −2
Original line number Diff line number Diff line
@@ -712,8 +712,11 @@ see tor-design.pdf. 


   Implementations MAY use the timestamp value to help decide if their

   clocks are skewed.  Initiators MAY use "other OR's address" to help

   learn which address their connections are originating from, if they do

   not know it.  [As of 0.2.3.1-alpha, nodes use neither of these values.]

   learn which address their connections may be originating from, if they do

   not know it; and to learn whether the peer will treat the current

   connection as canonical.  Implementations SHOULD NOT trust these

   values unconditionally, especially when they come from non-authorities,

   since the other party can lie about the time or IP addresses it sees.



   Initiators SHOULD use "this OR's address" to make sure

   that they have connected to another OR at its canonical address.