Arti v1.1.5: Onion Services, RPC, and a Security Patch

“In the past months, our efforts have been divided between onion services and work on a new RPC API (a successor to C Tor’s “control port”) that will give applications a safe and powerful way to work with Arti without having to write their code in Rust or link Arti as a library (unless they want to).””For onion services this month, we have continued work on our protocol infrastructure to support the cryptographic handshakes and protocols used for onion services, and begun design work on a key management system for onion services.””Our RPC code is still in an “infrastructure-only” state: the backend has progressed significantly, and now includes an object-reference system we’ll use to enforce security via a capability-style design, but as of yet it supports no useful functionality.””Finally, this release also fixes a security issue: there was a bug in our SOCKS code that could be exploited to cause a denial-of-service attack against an Arti client.”

Full Blog Post

Leave a Reply

Your email address will not be published. Required fields are marked *