From 38dcc368c401e3ce6b8258a0edbb38ca5f54ba2a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 24 Feb 2007 07:54:47 +0000
Subject: [PATCH]  r11911@catbus:  nickm | 2007-02-24 02:51:37 -0500  Clarify
 rules about certificates on incoming connections. Does it make more sense
 now?

svn:r9635
---
 doc/spec/tor-spec.txt | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/doc/spec/tor-spec.txt b/doc/spec/tor-spec.txt
index c3aba0fd8d..672ecce41a 100644
--- a/doc/spec/tor-spec.txt
+++ b/doc/spec/tor-spec.txt
@@ -174,13 +174,12 @@ see tor-design.pdf.
    EXTEND cell, the expected identity key is the one given in the cell.)  If
    the key is not as expected, the party must close the connection.
 
-   All parties SHOULD reject connections to or from ORs that have malformed
-   or missing certificates.
-   [XXX How can we recognize that it's an OR if it's an incoming connection
-    with malformed/missing certs? Should we change the above to just "to
-    ORs"? -RD]
-   ORs SHOULD NOT reject incoming connections from OPs with malformed
-   or missing certificates.
+   When connecting to an OR, all parties SHOULD reject the connection if that
+   OR has a malformed or missing certificate.  When accepting an incoming
+   connection, an OR SHOULD NOT reject incoming connections from parties with
+   malformed or missing certificates.  (However, an OR should not believe
+   that an incoming connection is from another OR unless the certificates
+   are present and well-formed.)
 
    [Before version 0.1.2.8-rc, ORs rejected incoming connections from ORs and
    OPs alike if their certificates were missing or malformed.]
-- 
2.11.4.GIT