[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20625 [Core Tor/Tor]: When a consensus doesn't have enough signatures, write it (and sigs) to a file



#20625: When a consensus doesn't have enough signatures, write it (and sigs) to a
file
-----------------------------+------------------------------------
 Reporter:  teor             |          Owner:
     Type:  enhancement      |         Status:  new
 Priority:  Medium           |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  easy?, tor-auth  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------------

Comment (by teor):

 We should only write the latest bad consensus to a file.

 We should only write signatures from authorities we trust to the sigs
 file. Otherwise, an authority's disk could be filled by a malicious server
 pretending to be an authority.

 Alternately, we could limit the file size(s).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20625#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs