[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
From: teor <teor@xxxxxxxxxx>
Date: Fri, 22 Feb 2019 12:29:17 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Feb 2019 21:29:39 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1550802564; bh=c5mYRho/aq6SmYl/OPa4FLOcBCJDvy3fLBE49INWTC4=; h=From:Reply-To:Subject:Date:References:To:In-Reply-To:From; b=SZzypuMMD0TG9i7JLmn96xpXIyMQ541YU3eohwReOGFyuwSZRwB6rS215xEQYRFNc 4sqNAVjSEiCYDPd7Vrc0nME6X/cUTP/SVS11FN9G/MI6IHJD7y12U1HmiZq78gMHQO EZrgh7dgRlLCRz2oC7cUC8Qz3ABL/zhnTLDG50+A=
In-reply-to: <4daa36ef-f422-0e28-f167-96f91bdd795c@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4daa36ef-f422-0e28-f167-96f91bdd795c@torproject.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

> On 22 Feb 2019, at 07:59, Iain Learmonth <irl@xxxxxxxxxxxxxx> wrote:
> 
> Signed PGP part
> Hi All,
> 
> #28465 [0] needed a proposal. Feedback is welcome and encouraged. I've
> not written a proposal before, so if someone could let me know if I'm
> following the process OK (or not) then that is useful too.
> 
> [0] https://trac.torproject.org/projects/tor/ticket/28465
> 
> <xxx-dont-vote-on-package-fingerprints.txt>

Proposal:

> 0. Abstract
> 
>    I propose modifying the Tor consensus document to remove
>    digests of the latest versions of one or more package files, to
>    prevent software using Tor from determining its up-to-dateness, and
>    to hinder users wanting to verify that they are getting the correct
>    software.

I had to read this paragraph twice to understand it.
The way it's written, it sounds like we're doing a bad thing.
(Until I read the "security" section at the end of the proposal.)

Can you mention the positive aspects in the Abstract?

> 2. Proposal
> 
>    We deprecate the "package" line in the specification for votes.
> 
>    If the consensus method is at least XX then "package" lines should
>    not appear in consensuses.

Let's be a bit more precise:

   We allocate a consensus method when this proposal is implemented.
   Let's call it consensus method N.

   If the consensus method is between 19 and (N-1), "package" lines
   MAY appear in consensuses. If the consensus method is less than
   19, or at least N, "package" lines MUST NOT appear in consensuses.

I'd like to add another part to the proposal:

   Directory authorities stop voting for "package" lines in their
   votes. Changes to votes do not require a new consensus method, so
   this part of the proposal can be implemented separately.

Based on:

https://trac.torproject.org/projects/tor/ticket/28465#comment:1
https://trac.torproject.org/projects/tor/ticket/28465#comment:3

T

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
  - From: Nick Mathewson

References:
- [tor-dev] Proposal: Don't include package fingerprints in consensus documents
  - From: Iain Learmonth

Prev by Author: Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
Next by Author: Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
Previous by thread: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
Next by thread: Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
Index(es):
- Author
- Thread