r11911@catbus: nickm | 2007-02-24 02:51:37 -0500

 Clarify rules about certificates on incoming connections. Does it make more sense now?

svn:r9635

diff --git a/doc/spec/tor-spec.txt b/doc/spec/tor-spec.txt
index c3aba0fd8d9fc7b05c8c29c4b8065e267ceeaac3..672ecce41a03ff714d336036457359461b44583e 100644 (file)
--- a/doc/spec/tor-spec.txt
+++ b/doc/spec/tor-spec.txt
@@ -174,13 +174,12 @@ see tor-design.pdf.
    EXTEND cell, the expected identity key is the one given in the cell.)  If
    the key is not as expected, the party must close the connection.
 
-   All parties SHOULD reject connections to or from ORs that have malformed
-   or missing certificates.
-   [XXX How can we recognize that it's an OR if it's an incoming connection
-    with malformed/missing certs? Should we change the above to just "to
-    ORs"? -RD]
-   ORs SHOULD NOT reject incoming connections from OPs with malformed
-   or missing certificates.
+   When connecting to an OR, all parties SHOULD reject the connection if that
+   OR has a malformed or missing certificate.  When accepting an incoming
+   connection, an OR SHOULD NOT reject incoming connections from parties with
+   malformed or missing certificates.  (However, an OR should not believe
+   that an incoming connection is from another OR unless the certificates
+   are present and well-formed.)
 
    [Before version 0.1.2.8-rc, ORs rejected incoming connections from ORs and
    OPs alike if their certificates were missing or malformed.]