Re: [tor-bugs] #5595 [Tor]: Some relays tried to refetch maatuska's new certificate repeatedly
#5595: Some relays tried to refetch maatuska's new certificate repeatedly
------------------------------------+---------------------------------------
 Reporter:  rransom                 |          Owner:  andrea
     Type:  defect                  |         Status:  assigned
 Priority:  critical                |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                     |        Version:
 Keywords:  tor-relay 023-backport  |         Parent:
   Points:                          |   Actualpoints:
------------------------------------+---------------------------------------
Comment(by andrea):
At present, authority_certs_fetch_missing() generates a list of identity
digests of trusted dir servers and signers in the provided consensus; this
is wrong in the case that it encounters a signed object in the consensus
with a certificate other than the newest for that authority, and will
cause it to repeatedly try to download the newest certificate for that
authority, emit this warning when it sees it already has that one, and
never get the one it actually needs to stop re-requesting it.

The solution is to modify authority_certs_fetch_missing() to assemble two
lists of missing certificates, one by identity digest for any we don't
have in trusted_dir_servers, and use /tor/keys/fp/<identity-digest>
requests just as the current implementation does, but also assemble a list
of (identity digest, signing key digest) pairs for signing certificates
needed to verify a consensus and launch another request using
/tor/keys/fp-sk/... for those certificates. Since nothing actually uses
/tor/keys/fp-sk at the moment, implementation of this will occur pending
verification that these requests actually work.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5595#comment:13>
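
The two-list approach from the comment above, as an added example that is not part of the original message and is not Tor's code. It uses a hypothetical simplified model (cert_key_t, build_cert_requests and demo are illustrative names, and the short digests are constructed); the `<F>-<S>` pair format joined with `+` follows the directory specification's description of /tor/keys/fp-sk.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical simplified model, not Tor's types: a certificate is keyed by
 * the authority identity digest plus the signing-key digest (hex strings). */
typedef struct { const char *id, *sk; } cert_key_t;

/* exact=0: any cert for this identity; exact=1: this exact (id, sk) pair. */
static int have_cert(const cert_key_t *st, int n, cert_key_t w, int exact) {
  for (int i = 0; i < n; i++)
    if (!strcmp(st[i].id, w.id) && (!exact || !strcmp(st[i].sk, w.sk))) return 1;
  return 0;
}

/* Append to a '+'-joined resource path; returns -1 rather than overflowing. */
static int add_item(char *out, size_t cap, const char *prefix, const char *item) {
  const char *lead = out[0] ? "+" : prefix;
  if (strlen(out) + strlen(lead) + strlen(item) + 1 > cap) return -1;
  strcat(out, lead); strcat(out, item);
  return 0;
}

/* fp_out: trusted authorities we hold no certificate for at all. fpsk_out:
 * signatures whose exact cert is missing, even if another cert for that id is held. */
int build_cert_requests(const cert_key_t *st, int n_st, const char **trusted,
                        int n_tr, const cert_key_t *sigs, int n_sig,
                        char *fp_out, char *fpsk_out, size_t cap) {
  char pair[128];
  fp_out[0] = fpsk_out[0] = '\0';
  for (int i = 0; i < n_tr; i++)
    if (!have_cert(st, n_st, (cert_key_t){trusted[i], ""}, 0) &&
        add_item(fp_out, cap, "/tor/keys/fp/", trusted[i]) < 0) return -1;
  for (int i = 0; i < n_sig; i++) {
    if (have_cert(st, n_st, sigs[i], 1)) continue;
    int len = snprintf(pair, sizeof pair, "%s-%s", sigs[i].id, sigs[i].sk);
    if (len < 0 || (size_t)len >= sizeof pair) return -1;
    if (add_item(fpsk_out, cap, "/tor/keys/fp-sk/", pair) < 0) return -1;
  }
  return 0;
}
/* Constructed sample: newest AA11 cert held, consensus signed with an older key. */
const char *demo(int want_fpsk) {
  static char fp[256], fpsk[256];
  cert_key_t held[] = {{"AA11", "5EC0"}};
  const char *trusted[] = {"AA11", "BB22"};
  cert_key_t sigs[] = {{"AA11", "01D0"}, {"BB22", "7777"}};
  if (build_cert_requests(held, 1, trusted, 2, sigs, 2, fp, fpsk, sizeof fp)) return "";
  return want_fpsk ? fpsk : fp;
}
int main(void) { printf("%s\n%s\n", demo(0), demo(1)); return 0; }
```

In the sample, an identity-only request would never name AA11 (a certificate for it is already held) or would fetch its newest certificate again, while the pair list asks for the specific signing key the consensus used.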