[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048

Subject: Re: [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 12 Dec 2013 03:40:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 Dec 2013 22:40:46 -0500
In-reply-to: <043.f9f1a192a4b80fa791576e19882c25e3@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.f9f1a192a4b80fa791576e19882c25e3@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10324: Sign status documents with RSA2048
-----------------------------+-----------------
     Reporter:  ln5          |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by nickm):

 0.2.0 is not actually supposed to work nowadays; the issue is that it
 would be Bad Indeed if an 0.2.0 client responded to this change by
 downloading a consensus and a set of certs over and over, rejecting the
 consensus and the certs as invalid every time, and then downloading a new
 set.  A small set of zombie 0.2.0 clients would thereby put an unpleasant
 amount of needless load on the network.

 It's also not enough to test that 0.2.0 doesn't do this with the current
 network; we really need to test that 0.2.0 doesn't have this failure mode
 when confronted with a network containing *only* 2048-bit signing keys.
 Otherwise, things might ''seem'' fine until we drop below 5 1024-bit keys
 out of 9 and all hell breaks loose.

 Other than that, it looks okay to me.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10324#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10182 [Website]: Update Tor-in-the-press list
Next by Author: Re: [tor-bugs] #5018 [Tor]: don't start ClientTransportPlugin proxies until we have a bridge that wants them
Previous by thread: Re: [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048
Next by thread: Re: [tor-bugs] #10324 [Tor]: Sign status documents with RSA2048
Index(es):
- Author
- Thread