From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 22 Dec 2005 19:29:31 +0000 (+0000)
Subject: Note that you should not download by ID fingerprint.
X-Git-Tag: tor-0.1.1.11-alpha~150
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9afeacac3b8742c75e36a8b68a9f93ac8c292c07;p=thirdparty%2Ftor.git

Note that you should not download by ID fingerprint.


svn:r5634
---

diff --git a/doc/dir-spec.txt b/doc/dir-spec.txt
index aaecac08b2..65b2ddb878 100644
--- a/doc/dir-spec.txt
+++ b/doc/dir-spec.txt
@@ -305,10 +305,15 @@ $Id$
    fingerprint of <F> should be available at:
       http://<hostname>/tor/server/fp/<F>.z
 
-   The most recent descriptors for servers with fingerprints <F1>,<F2>,<F3>
-   should be available at:
+   The most recent descriptors for servers with identity fingerprints
+   <F1>,<F2>,<F3> should be available at:
       http://<hostname>/tor/server/fp/<F1>+<F2>+<F3>.z
 
+   (NOTE: Implementations SHOULD NOT download descriptors by identity key
+   fingerprint. This allows a corrupted server (in collusion with a cache) to
+   provide a unique descriptor to a client, and thereby partition that client
+   from the rest of the network.)
+
    The descriptor for a server whose digest (in hex) is <D> should be
    available at:
       http://<hostname>/tor/server/d/<D>.z