[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #18963 [Core Tor/Tor]: Download authority certificates even under blackholed authorities or fallbacks
#18963: Download authority certificates even under blackholed authorities or
fallbacks
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
Priority: Medium | needs_review
Component: Core Tor/Tor | Milestone: Tor:
Severity: Normal | 0.2.8.x-final
Keywords: must-fix-before-028-rc, | Version: Tor:
029-proposed | 0.2.8.1-alpha
Parent ID: #18816 | Resolution:
Reviewer: | Actual Points:
| Points: small
| Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords: 029-proposed => must-fix-before-028-rc, 029-proposed
* status: needs_revision => needs_review
* points: medium => small
* parent: => #18816
* milestone: Tor: 0.2.??? => Tor: 0.2.8.x-final
Comment:
Please see my branch bug18963-remember on
âhttps://github.com/teor2345/tor.git for a much better fix. It remembers
the directory we downloaded the consensus or certificates from, and re-
uses it to download future certificates.
06d05cb Fetch certificates from the same directory as the consensus
ff122a2 Fetch certificates from the same directory as previous
certificates
(Optional, but I think it's a good idea.)
This works well if multiple fallbacks or authorities are blackholed,
because we've already found one that isn't.
This might have minor security implications, if we fetch the consensus and
its certificates from the same directory, it can feed us a consistently
wrong view of the world.
It's quite a simple code change (much of it it comments or argument-
passing), I'd like to see it go in 0.2.8, so we achieve the goal of the
fallback directory feature.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18963#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs