[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #15774 [Tor]: Signed Fallback Directory File

Subject: [tor-bugs] #15774 [Tor]: Signed Fallback Directory File
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 22 Apr 2015 14:24:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 22 Apr 2015 10:24:22 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15774: Signed Fallback Directory File
--------------------+------------------------------------
 Reporter:  teor    |          Owner:
     Type:  defect  |         Status:  new
 Priority:  minor   |      Milestone:  Tor: 0.2.???
Component:  Tor     |        Version:  Tor: 0.2.4.7-alpha
 Keywords:  lorax   |  Actual Points:
Parent ID:          |         Points:
--------------------+------------------------------------
 See
 https://lists.torproject.org/pipermail/tor-dev/2015-April/008682.html
 and #15642, in which I say:

     The function which loads fallback directories currently loads from a
 string array inside the function, so it would need to be modified to load
 from a signed file. I support the security benefits of signed fallback
 directories enough to write client code and unit tests for it, but I'm not
 sure how the code for the authorities would work - is the proposal to sign
 a section of the consensus, and output it as a separate file?

     If so, we would either need to backport, and/or wait until a majority
 of the authorities update to tor versions with the feature. And perhaps a
 majority of clients as well, controlled by a consensus parameter?
 (Otherwise, using any entry in the file itself would allow clients to
 effectively be partitioned from the rest of the network by their
 behaviour.)

     While I'm making a list, do we need to modify the existing proposal
 which describes fallback directories?

     Is this change proposed for 0.2.7?
     Or all currently supported releases?

     Do we need a new configuration option to give the location of the
 (signed) Fallback Directories file?
     How should this interact with the existing FallbackDir option?
     Cumulative?

 And nickm says:

     I think making the file signed is a different ticket, and I don't
 really understand the threat model for it.

 Before we make this change, we need to understand how the threat model is
 different from, for example:
 * a package maintainer adding their own directory
 * a package maintainer removing the signature check code
 * a package maintainer replacing all the authorities

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15774>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #15774 [Tor]: Signed Fallback Directory File
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #15774 [Tor]: Signed Fallback Directory File
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15642 [Tor]: Disable default fallback directories when DirAuthorities, AlternateDirAuthority, or FallbackDir are set
Next by Author: Re: [tor-bugs] #15774 [Tor]: Signed Fallback Directory File
Previous by thread: Re: [tor-bugs] #12761 [Tor Browser]: Switch to OS X 10.7 SDK in our Tor Browser Mac builds
Next by thread: Re: [tor-bugs] #15774 [Tor]: Signed Fallback Directory File
Index(es):
- Author
- Thread