changes file for bug11743

diff --git a/changes/bug11743 b/changes/bug11743
new file mode 100644 (file)
index 0000000..89e4bbc
--- /dev/null
+++ b/changes/bug11743
@@ -0,0 +1,15 @@
+  o Major security fixes (directory authorities):
+
+    - Directory authorities now include a digest of each relay's
+      identity key as a part of its microdescriptor.
+
+      This is a workaround for bug #11743, where Tor clients do not
+      support receiving multiple microdescriptors with the same SHA256
+      digest in the same consensus. When clients receive a consensus
+      like this, they only use one of the relays. Without this fix, a
+      hostile relay could selectively disable client use of target
+      relays by constucting a router descriptor with a different
+      identity and the same microdescriptor parameters and getting the
+      authorities to list it in a microdescriptor consensus. This fix
+      prevents an attacker from causing a microdescriptor collision,
+      because the router's identity is not forgeable.