[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #2628 [Tor Client]: Be smarter about launching connections to authorities to learn about clock skew
#2628: Be smarter about launching connections to authorities to learn about clock
skew
-------------------------+--------------------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Client | Version:
Keywords: easy | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by Sebastian):
Generally the way I think it should work is that if we learn from a
certain fraction of sources of time we have access to (our bridges, our
guards/directory guards) that our clock is skewed we should try to get an
opinion with higher authority. This could be either a few more directory
mirrors, or directory authorities (depending on how much we've learned so
far). Once we're pretty sure our time is wrong we should warn the user.
Additionally, I think we should implement that config option that allows
you to say "my clock is skewed by X seconds". To go along with it, there
should be an option to automatically adjust that configuration value as we
learn about clock skew from a reliable source (n directory authorities for
example). This could be turned on for TBB and live CDs etc, basically for
Tor setups that are supposed to work anywhere without the necessary admin
rights/VM controls/etc required to change the system time.
A few more things to consider here are:
* Bridge users: Making direct connections to the directory authorities is
not only not feasible, but also actively harmful. Any solution that we
come up with should take this into account by either special-casing bridge
users or not requiring direct connections to the directory authority. Same
goes for regular clients who picked directory guards (once we have them).
* Directory authority load: If a bunch of relays have the wrong time and
clients connect to directory authorities too often, this will be a big
overhead (because we'd want the time data to be authenticated).
* Implementation complexity: If we only do the first idea I presented
above, the complexity is likely too high for not enough gain. If we do the
latter however we need it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2628#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs