[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048
#10324: Sign status documents with RSA2048
-----------------------------+-----------------
Reporter: ln5 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by nickm):
0.2.0 is not actually supposed to work nowadays; the issue is that it
would be Bad Indeed if an 0.2.0 client responded to this change by
downloading a consensus and a set of certs over and over, rejecting the
consensus and the certs as invalid every time, and then downloading a new
set. A small set of zombie 0.2.0 clients would thereby put an unpleasant
amount of needless load on the network.
It's also not enough to test that 0.2.0 doesn't do this with the current
network; we really need to test that 0.2.0 doesn't have this failure mode
when confronted with a network containing *only* 2048-bit signing keys.
Otherwise, things might ''seem'' fine until we drop below 5 1024-bit keys
out of 9 and all hell breaks loose.
Other than that, it looks okay to me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10324#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs