
Re: [tor-bugs] #11480 [Tor]: Implement the single guard node proposal



#11480: Implement the single guard node proposal
------------------------+--------------------------------
     Reporter:  asn     |      Owner:
         Type:  task    |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-client
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by karsten):

 Replying to [comment:4 asn]:
 > Replying to [comment:3 asn]:
 > >
 > > == Prioritize young guards for non-guard tasks ==
 > > * Implementation plan:
 > >   Download/parse/verify old consensuses in an external script,
 > >   write file with results,
 > >   have little-t-tor read the results.
 > >
 >
 > Two questions on this task (also see #10968):
 >
 > a) How are we going to get past consensuses? AFAIK, directories don't
 keep and serve old consensuses. Is metrics.tpo the only place where we can
 get them? Is it reasonable to make metrics.tpo a single point of failure
 for this feature?

 Would somebody want to run a fall-back instance of the part of metrics.tpo
 that archives consensuses?  I run two instances, but I sure wouldn't mind
 knowing that there's another instance running that is not run by me.

 > b) We will need to verify the sigs of the past consensuses. Can arm
 verify signatures of Tor documents?

 stem, not arm.  That's a question for atagar.

 > Also, what can go wrong with verifying consensus sigs from many months
 ago? Have auths ever changed their identity keys?

 metrics.tpo also serves past certificates that you could use here.  You'll
 also want to extract a list of authority identities that little-t-tor
 clients considered valid.  That list changes every now and then, but not
 very often.

 > Also, what happens if we try to parse a badly-signed consensus? Should we
 just ignore it?

 Probably warn about the bad signature and ignore it.  If the consensus
 still has enough good signatures for little-t-tor clients to accept it,
 you can probably accept it, too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11480#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
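
The accept-or-ignore rule discussed in the reply above, sketched as an added example; it is not part of the original message and not code from Tor, stem or metrics.tpo. Assumptions: the authority-set snapshots and fingerprints are constructed placeholders, each signature has already been checked against an archived certificate by the caller, and "enough good signatures" is taken to mean more than half of the authorities trusted at the consensus's valid-after time.

```python
from datetime import datetime
import bisect

# Constructed sample data: the authority identities clients trusted, keyed by
# the date each list took effect. Fingerprints are placeholders.
AUTHORITY_SETS = [
    (datetime(2013, 1, 1), frozenset({"AUTH_A", "AUTH_B", "AUTH_C", "AUTH_D", "AUTH_E"})),
    (datetime(2014, 1, 1), frozenset({"AUTH_A", "AUTH_B", "AUTH_C", "AUTH_F", "AUTH_G"})),
]

def authorities_at(valid_after, sets=AUTHORITY_SETS):
    """Return the authority set in force at valid_after, or None if unknown."""
    starts = [start for start, _ in sets]
    i = bisect.bisect_right(starts, valid_after) - 1
    return sets[i][1] if i >= 0 else None

def evaluate_consensus(valid_after, sig_results, sets=AUTHORITY_SETS):
    """Decide whether an archived consensus is usable.

    sig_results maps signer identity -> True/False: the outcome of verifying
    that signature against the signer's archived certificate (done elsewhere).
    Returns (accepted, warnings).
    """
    trusted = authorities_at(valid_after, sets)
    if trusted is None:
        return False, ["no authority list known for %s" % valid_after.isoformat()]
    warnings, good = [], set()
    for signer, ok in sorted(sig_results.items()):
        if signer not in trusted:
            # A valid signature from an identity clients did not trust at the
            # time must not count toward the threshold.
            warnings.append("signature from unrecognized identity %s" % signer)
        elif not ok:
            warnings.append("bad signature from %s" % signer)
        else:
            good.add(signer)
    required = len(trusted) // 2 + 1  # assumed rule: strict majority
    if len(good) < required:
        warnings.append("only %d of %d required good signatures" % (len(good), required))
        return False, warnings
    return True, warnings
```

A consensus with one bad signature is still accepted, with a warning, as long as the remaining good signatures from then-trusted identities reach the threshold.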