[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Fallback Directory Handover

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Fallback Directory Handover
From: teor <teor@xxxxxxxxxx>
Date: Wed, 22 Apr 2020 13:29:14 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 21 Apr 2020 23:29:33 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1587526158; bh=ptyOZGuqkEzAdoVQ6Ga+k6l4Eq1BQITcuqWnEzN6BKg=; h=From:Subject:Date:References:In-Reply-To:To:From; b=q+j/9F/x46mhuEvTr2f5YRwYv1hlQTVTYyshBUvv/kTMMtgFMTjH8vR5ktZsZmvCk Y1+Es18FfHMw+x6LOmP6/Sylph3ZD3JWCDZg05Jqq65eX5j0LugjxBDTRozFlIzJX6 hpSLK2rTNhuhak/sc90bdbQ2ml/2aaDSKJDXmMjk=
In-reply-to: <20200422022741.GI30231@yoink.cs.uwaterloo.ca>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20200422022741.GI30231@yoink.cs.uwaterloo.ca>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 22 Apr 2020, at 12:27, Ian Goldberg <iang@xxxxxxxxxxxx> wrote:
> 
> On Wed, Apr 22, 2020 at 11:56:54AM +1000, teor wrote:
>> a bad fallback guard can continue to manipulate its client's view of
>> the network
> 
> This is only true to the extent that the fallback guard can choose which
> of three still-valid consensuses to give to the client, right?

Not quite.

Clients tolerate recently-expired consensuses for some operations, up
to 72 hours in some cases.

When I last checked, TAILS set its system clock off the date in the
consensus it receives.

Clients also download authority certificates from fallback directory
mirrors. I think that's the whole trust path from the hard-coded
authority fingerprints, to the certificates, and then a valid consensus.

Since clients use an ORPort connection to download consensuses,
a malicious fallback directory mirror can also provide them with:
* the wrong date (triggering a clock skew warning)
* the wrong external IP address (not used for much)
* malicious directory documents
  * note that decompression and some parsing happens before the
     signature checks
* slow transfer speeds (like slowloris)

Using multiple fallbacks mitigates most of these issues.

T

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Fallback Directory Handover
  - From: Ian Goldberg

Prev by Author: Re: [tor-dev] Building a privacy-preserving "contact tracing" app
Next by Author: Re: [tor-dev] Tor Relay wont connect to private IP address
Previous by thread: Re: [tor-dev] Fallback Directory Handover
Next by thread: [tor-dev] Building a privacy-preserving "contact tracing" app
Index(es):
- Author
- Thread