[tor-bugs] #18332 [Tor]: Relay should store HS descriptor even when they don't have the HSDir flag
#18332: Relay should store HS descriptor even when they don't have the HSDir flag
-------------------------+--------------------------------
Reporter: dgoulet | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Tor | Version:
Severity: Normal | Keywords: tor-hs
Actual Points: | Parent ID:
Points: small | Sponsor: SponsorR
-------------------------+--------------------------------
This may sound crazy, but the idea here is that a service and an HSDir can have different views of the network, so it's possible that a service thinks some relay is an HSDir but the relay itself does not, resulting in a failure to upload the descriptor (good thing we have 6 hsdirs!). Also, it would be useful in our fight against malicious HSDirs enumerating .onion: we could find them before they actually become an HSDir.

As long as the relay sees that it's responsible for the descriptor ID, it should store it with or without the HSDir flag. Being responsible for the descID is important here, else we can end up lowering the bar for anyone to upload arbitrary data enclosed in a descriptor. Although this is possible right now, let's not make it possible for _all_ relays at _all_ times for _any_ ID.

As for DoS considerations, that is, someone uploading lots and lots of descriptors in the first 96 hours before becoming an HSDir, then oops the relay is out of memory for legitimate descriptors. First, we currently have this "problem" and second, we do purge our cache if memory usage goes too high (part of our oom).

We should NOT cache it when `supports_tunnelled_dir_requests` is unset. It's a requirement to become an HSDir, so if we don't have it we shouldn't do it. (`DirCache 0` or `ClientOnly` or `DirPort` set, ...)

Thoughts?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18332>
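
The store decision discussed in the ticket, sketched as an added example (not code from the ticket or from tor). Assumptions: relay IDs are 64-bit ring positions instead of 20-byte digests, responsibility means being one of the 3 flagged relays at or after the descriptor ID on the ring, and all type, function and constant names here are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_CONSECUTIVE 3 /* assumed: 3 consecutive HSDirs per replica */

/* Simplified relay entry (assumption: 64-bit ring IDs, not 20-byte digests). */
typedef struct { uint64_t id; bool has_hsdir; } relay_t;
typedef enum { POLICY_FLAG_REQUIRED, POLICY_PROPOSED } policy_t;

/* Constructed sample: the relay's own consensus view; relay 20 is "me"
 * and does not yet see itself with the HSDir flag. */
static const relay_t SAMPLE_VIEW[] = {
  {10, true}, {20, false}, {30, true}, {40, true}, {50, true},
};
static const size_t SAMPLE_N = sizeof(SAMPLE_VIEW) / sizeof(SAMPLE_VIEW[0]);

/* Clockwise distance from desc_id to id; unsigned arithmetic wraps the ring. */
static uint64_t ring_dist(uint64_t desc_id, uint64_t id) {
  return id - desc_id;
}

/* "me" is responsible if fewer than N_CONSECUTIVE flagged relays sit closer
 * to desc_id; "me" counts as a candidate whether or not it has the flag. */
static bool is_responsible(const relay_t *view, size_t n, uint64_t me,
                           uint64_t desc_id) {
  size_t closer = 0;
  for (size_t i = 0; i < n; i++) {
    if (view[i].id == me || !view[i].has_hsdir) continue;
    if (ring_dist(desc_id, view[i].id) < ring_dist(desc_id, me)) closer++;
  }
  return closer < N_CONSECUTIVE;
}

/* Store decision: tunnelled dir support is mandatory under both policies. */
bool should_store(const relay_t *view, size_t n, uint64_t me, bool me_hsdir,
                  bool tunnelled_dir, uint64_t desc_id, policy_t policy) {
  if (!tunnelled_dir) return false;
  if (policy == POLICY_FLAG_REQUIRED && !me_hsdir) return false;
  return is_responsible(view, n, me, desc_id);
}

int main(void) {
  printf("flag required, desc 5: %d\n", should_store(SAMPLE_VIEW, SAMPLE_N, 20, false, true, 5, POLICY_FLAG_REQUIRED));
  printf("proposed, desc 5:      %d\n", should_store(SAMPLE_VIEW, SAMPLE_N, 20, false, true, 5, POLICY_PROPOSED));
  printf("proposed, desc 25:     %d\n", should_store(SAMPLE_VIEW, SAMPLE_N, 20, false, true, 25, POLICY_PROPOSED));
  return 0;
}
```

Descriptor ID 25 is refused under both policies because four flagged relays are closer on the ring, which is the "not for _any_ ID" bound the ticket asks to keep.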