[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26288 [Core Tor/Tor]: prop289: Implement authenticated SENDME
#26288: prop289: Implement authenticated SENDME
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: prop289, 035-roadmap-master, 035 | Actual Points:
-triaged-in-20180711, prop289-assigned- |
sponsor-v, 041-proposed-on-roadmap, network- |
team-roadmap-2019-Q1Q2 |
Parent ID: | Points: 21
Reviewer: nickm | Sponsor:
| SponsorV
-------------------------------------------------+-------------------------
Changes (by teor):
* status: needs_review => needs_revision
Comment:
I reviewed the protocol parts of this patch:
Phase 3 of the transition plan requires old clients and relays to download
a consensus so they learn that they should stop trying to connect to the
network. But since 0.2.8, clients (and censored relays that can't access
any DirPorts) will try to use the ORPort to download a consensus. But
ORPort circuits from legacy clients will fail during phase 3.
Here's what I think we need to do:
1. always allow legacy sendmes for BEGINDIR for the consensus, and
everything that is required to validate a consensus:
* authority certificates,
* relay descriptors (for bridge clients),
* anything else?
2. Revise the transition plan, so it includes the protover changes and the
consensus parameter changes
3. Don't remove the section about extensive testing using chutney:
{{{
- We'll want to do a bunch of testing in chutney before flipping the
- switches in the real network: I've long suspected we still have bugs
- in our sendme timing, and this proposal might expose some of them.
}}}
4. Do the chutney tests now, and do them again when we want to implement
each phase on the public network
The spec and the code are also out of sync: the spec talks about FlowCtrl,
but the code doesn't have FlowCtrl.
Here are the changes I think we need to make:
1. Add FlowCtrl=1 to the protocols advertised by relays in C
2. Add FlowCtrl=1 to the protocols advertised by relays in Rust
3. Clarify "FlowCtrl" in the spec:
{{{
Tor clients and relays that don't support this protover version from
the
consensus "required-client-protocols" or "required-relay-protocols"
lines
will exit and thus not try to join the network. Here is the proposed
value:
"FlowCtrl"
Describes the flow control protocol at the circuit and stream level.
If there is no FlowCtrl protocol version, tor supports the
unauthenticated
flow control features from its supported Relay protocols.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26288#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs