[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #27550 [Core Tor/Tor]: hs-v3: Don't warn so loundly when tor is unable to decode a descriptor



#27550: hs-v3: Don't warn so loundly when tor is unable to decode a descriptor
------------------------------+--------------------------------
     Reporter:  dgoulet       |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.5.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-hs, 035-must
Actual Points:                |  Parent ID:  #27544
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 With #20700, we introduce client authorization making tor client without
 it trying to access a .onion with it to be unable to decode the
 descriptor. This leads to big warnings:

 {{{
 Sep 07 13:55:44.156 [info] handle_response_fetch_hsdesc_v3(): Received v3
 hsdesc (body size 14111, status 200 ("OK"))
 Sep 07 13:55:44.157 [warn] Encrypted service descriptor MAC check failed
 Sep 07 13:55:44.157 [warn] Decrypting encrypted desc failed.
 Sep 07 13:55:44.157 [warn] Service descriptor decryption failed.
 Sep 07 13:55:44.157 [warn] Could not parse received descriptor as client.
 ...
 }}}

 We should definitely not print warning if decoding fails but maybe a
 "unable to use descriptor" instead and the rest at info level.

 Second, there is the retry behavior. Two cases:

 1) Tor is configured with client authorization for A.onion:

  If we get the descriptor and unable to decode A.onion while we know we
 have a client authorization configured, I think we should make Tor stop
 and just tell the user that it didn't worked.

 2) Tor doesn't have client authorization for A.onion

  In that case, if the decoding fails, we should *probably* make Tor stop
 trying on all HSDir and instead go at notice level saying "Unable to
 access A.onion. Maybe you need authorization?" kind of message.

 Failing to decode a descriptor now is imo highly unlikely so we could
 assume that in this case, chances are that you'll get a better descriptor
 at the next HSDir are thin!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27550>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs