Re: [tor-bugs] #4548 [Tor Bridge]: Implement dynamic (rakshasa) primes (part of proposal 179)
#4548: Implement dynamic (rakshasa) primes (part of proposal 179)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Bridge | Version:
Keywords: | Parent: #3972
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Replying to [comment:11 nickm]:
> Replying to [comment:10 asn]:
> > Replying to [comment:6 nickm]:
> > > Remaining issues, in addition to those above, after second review:
> > >
> > > * If this new option is going to be on-by-default, then clients
> > > really shouldn't pay attention to it, since they shouldn't actually need
> > > to have a group at all.
> >
> > True. I'm only doing dynamic DH stuff to bridges now.
>
> Hm. This seems like something all servers should want. I didn't see the
> part that made this bridges-only; where can I find it?
>
f477ddcc20d5fc8c130b630854947a337881cd23 "Only bother with dynamic DH
moduli if we are a bridge."
If tor is not a bridge, it generates the static DH prime modulus of
Apache, like it used to.
Assuming that the Apache DH prime modulus is as safe as any other randomly
generated DH modulus, why would a public relay operator want it? It takes
time to generate and it writes gibberish about "dynamic DH stuff" in their
logs.
> > > * Checking a file status right before opening it is prone to
> > > race-conditions; it's better just to open the file and see if you get
> > > an error. There should be functions in util.c to do this. (This one
> > > could get cleaned up later)
> >
> > I didn't find such functions in util.c. We need a FILE* to pass to
> > BN_print_fp().
> > I thought of using open() or fdopen() with O_CREAT and O_EXCL, but
> > open() seems to be a POSIX thing.
>
> open is supported on Windows: http://msdn.microsoft.com/en-us/library/z0kc8e3z%28v=vs.71%29.aspx
>
Seems like I don't know how to use a search engine!
OK will use open() then.
> The functions I meant in util.c are start_writing_to_stdio_file and
> finish/abort_writing to file; they do the open+fdopen thing you want.
>
Will check them out.
> BTW, you *can* do this with DH parameters: d2i_DHparams and i2d_DHparams
> convert DH params to and from strings, and the {d2i,i2d}_DHparams_fp
> variants read and write DH parameters on a FILE*
>
I want to do #4549 first, but I'll try to do this as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4548#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs