Re: [tor-bugs] #22029 [Core Tor/Tor]: Allow ed25519 keys to be banned in the approved-routers file



#22029: Allow ed25519 keys to be banned in the approved-routers file
-------------------------------------------------+----------------------------------
 Reporter:  teor                                 |          Owner:  neel
     Type:  enhancement                          |         Status:  assigned
 Priority:  Medium                               |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  034-triage-20180328,                 |  Actual Points:
  034-removed-20180328                           |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+----------------------------------

Comment (by neel):

 The function `dirserv_load_fingerprint_file()` reads the file
 `approved-routers`. I have a few questions:

  1. Should the ed25519 key in the `approved-routers` file be a
 base16-encoded key (similar to what we do right now with RSA
 fingerprints)?
  2. Would it be okay if, when an ed25519 key is given, I check the keypin
 hashtable to get the relay's corresponding RSA key and then add it to the
 list? I propose this be done with a new function that searches the ed25519
 keypin hash table for each entry until a matching ed25519 key is given,
 and then returns a corresponding RSA key.

 I am concerned with Point 2, however, because of the O(n^2) running time
 from needing to go through the list of all Tor relays. Another concern is
 that mapping ed25519 to RSA could mean we prolong the life of the RSA
 code.

 Would it be better to overhaul the relay data structures to be
 ed25519-first and then do this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22029#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online