[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18875 [Metrics/metrics-lib]: Consider replacing RelayNetworkStatusVote's getDirectorySignatures() with getDirectorySignature()
#18875: Consider replacing RelayNetworkStatusVote's getDirectorySignatures() with
getDirectorySignature()
---------------------------------+------------------------------
Reporter: karsten | Owner: karsten
Type: enhancement | Status: needs_review
Priority: Medium | Milestone:
Component: Metrics/metrics-lib | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #19398 | Points:
Reviewer: | Sponsor:
---------------------------------+------------------------------
Comment (by karsten):
Replying to [comment:8 iwakeh]:
> Assuming we don't verify the algorithm strings then your implementation
is fine.
Great! Thanks for looking!
> I have another question:
> The [https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2044
dir-spec, line 2044ff] states that currently there can be two types of
algorithms. With the reasoning above (comment:3) won't there be the
situation that some provide sha1, some sha256, others both? If so, the
signing key digest would be null for the non-default version, even though
there is a signing key, i.e. collector/metrics-lib only provides the
[https://gitweb.torproject.org/user/karsten/metrics-
lib.git/tree/src/org/torproject/descriptor/impl/RelayNetworkStatusVoteImpl.java?h=task-18875&id=9a25bac82726e567bc1885d7d431b652d9217a84#n610
signing key digest] of the default algorithm, is that intended?
Huh, very good point. And now that I look closer at the
`getSigningKeyDigest()` method, I'd say let's deprecate and later remove
it. It's a convenience method that, however, makes the implicit
assumption on the descriptor that there's at least one signature made with
"sha1". We're not making any data inaccessible by taking out that method,
but we're removing a possible source of confusion. Please take another
look at [https://gitweb.torproject.org/user/karsten/metrics-
lib.git/log/?h=task-18875 my updated branch]. Thanks!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18875#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs