[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] Proposal: Don't include package fingerprints in consensus documents
- From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
- Date: Fri, 22 Feb 2019 16:10:42 +0000
- Autocrypt: addr=irl@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFZp8zEBEACxOYriD+tEuc3Wpnbh+GGnyiaLEMABBrfn6JlDQphbBq/YTz9M9OPkttjx hLL/yrxlM1nD69XbGKQ9gIL3LEgOz9+OdivPbN+Q5iNMqk/WCQUqd3bCFbbsn1yvoTumFy9S 9kYX45Db3jRJoN/Nye6Stf7KKPxHxot14iY+PUR/5Gx5KbeWVKfDtQejGnhxQD73KjrX4wds BAaxnQ7KbjQyUf+IxE+8qSDcyTP+pPqxspVzx+eFqsW5+kK1eJMHxJmY/KsAs6IsGf5lvyDJ JECc2iE0mFS6vc14lGcD7BAYMPRnvlK3OcDlbdJS3ZU0LQu3/AplM7cNcesq2Btm06OUTsbj 10ZiyLi7Q0WZRuUbn7t3jOQVyOlNfjUpJhKPMMobBL2R0KzcptJbUrKc08wZD/TPaXuHKWAE JuA6kFMXtHhV8Qhxz5/d2KUA8ex+zpVd2xSR6q4llcYu1w8zHZtLN+YKSmjjKs+AjiTrCMYs OYxt4cwxuaIIhBNvCC9WqZOxHX7YHmpVcSV6K9Wwhk9mVIU3Ii0G2HWs6OQ0vIueCDGMEdVk ig/a7cVlfXNz7WuaXuhOJmHz6d6Yk4dFn5mLbEY9cZhBxf5hjCwtp9b6v+ueuptfcnOd+38G 9KH6NyHKZyS4jcd3E6Dp0+9Isbl/EohjPCujevoW3/DlT08OKQARAQABtDRJYWluIFIuIExl YXJtb250aCAoVG9yIFByb2plY3QpIDxpcmxAdG9ycHJvamVjdC5vcmc+iQJUBBMBCgA+AhsD BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEqPe6UEHhMzOcuhaWdtWAk/VAq80FAlxe8QQF CQbiS9IACgkQdtWAk/VAq80isw//QGWLLb6wjPW9K/seio9dSVM3gDk6jU7/FhlUuz7oq/6H gPrl7jrxH9PY5jAlkWCK5iPFWpFczUKC+AzzuZQt8VXQp5iYllm1KRrZA6mxpx085Yo3cSLp H9B55IHENo5RFdXMgXZ2aNc6ENG31vB6IZDHXjw9fUxtqyB7fCbIhFtO9pCqwnH/WipISdrl P5/gllUJKsvZiQj8vFfOe2rEHfldhqXxN0ZFvQtQMy0SipqfY2eM47HoDLZ2L5U1iK3iG1fa UWN059Y92zcc9B/AFqHK9xFMObUlWEvqhCGKgullDp4mVF4/OPAC/l02IS85BeFxWbV/HxTY AeoEzO9qrWVitCPTuFC4TQxJq4TbVr/jriFugmbvlE3IIXz5OjqTpyJZw+A8jJ3lwF+V5z21 LdJpEbh+fBBz6tl99Hnn7rjN9WhhsH+BvSC9fCnxs21h+oiGw9zom6blFsLW1yP7mNX2ZRJR DmQs+7kPL4ZS8XekNN82UHXE2pd9M2fSEi5dHK0R9xKJmMSNi/cnEZp1SRx+e+FFDZwzxiFO R30sDEEf+Z1MB/7o5uQXtw59W5Q7p0KycJMfacnb3dulOhFF4Qu1w1K3Iqefq8cQpnlmIGV0 dYT6juPyDlRW19LQVQSTejkLAbkBuXVE0T6dAYVyudJ2lVa3aDvQV5PqL1Y5tdK5Ag0EWmt/ jQEQANhwgR5fq1Slk0T0Sh7Tkc5LjanQH1VuNTxOE7wzcYXrgva2ic4zdhLc2QHP9G4kz0AY /oLxtw5Sj/IMtdzBHKDBXgiqBmvkrz7mOZSQQh6K/JBcKau4MorzB80Z/Z6XQcfFKQh61+8e Im/I7AnJFUELxDe8CYmkJYKVJS9b+i9RNFvXAsamOkClcyXqPYBB9bBI8QlZHweTWDsXJqul xjHLjCWOQyJxfl9xFmlSJtskrLEmprw/PaOtXglrz/2vadn2lL3ack9V1ux9ALa5q8Oc6dnx vA/W3palFpdBoz75FckhRfliYNfdCpgo86w00bJvbJ1f6XfBIBYvsAvrIRWIkMYEmhTYm4xG gEDWz5CvGuuzkF7kJwfPdj1RgVe80JHr9OJc8ZrafBb/p35ldLxmhDi16j2VOj58CKwpi3En nMOMPteDxmCZrWeYKhfwgVAP4/zc4+9vmTp5Wpze00DnQ9MEinmJ2bxf6TyQP36Bf/8zgJVs rpqMOaumbwwmcUh85Q1PXneVWX2ryEv1I7xVMpW4APZDeOMiiHb+EpXPLTPBvXTerd/Pwzb7 WLKNpZI4tl/vh88INdrs3xZd174skDJNaNSnqzUP2kNYcxWZSH/FP4AH1IXvIxwIr9g0RpvY oX55ALOSQOdZ9ioCjf9x9mvnBsehcoEPrgozljzpABEBAAGJBHIEGAEKACYCGwIWIQSo97pQ QeEzM5y6FpZ21YCT9UCrzQUCXF7xLQUJAuC/nwJAwXQgBBkBCgAdFiEE/ps4MHN0fw3t6Aud F4mIfdjVvF0FAlprf40ACgkQF4mIfdjVvF0NJBAAuAVw1aY3IUtp8ZRI5xuhieVFDbye7z86 gP5KW8cAMKTpuowD7E3Rm31R2Pb5dX+vZlunSTBPuzRVnVNd6Kj7CR8BR426L48ogSUfIh4V IWiYxXn4DqqNGow+saPI8VwJ/y80NSb2v+qUdv7us052vs9UBBnI/zl8XrnUNix+B0g+jekT ENEVD9fNJ+9YE9cn80wLGKBx047id1IqgOeJShjE13WRj7sa+LhB8FtoOUeXduQ1sJBZTVJq XW9v0e2PNc37cc8VATrA+3HNSQJY1PETDxjJ1TW8gALpZQrfR+FDu/d2vALdULw/djCeIpl0 dr79isd6mINBKTkEcR8XPQjDUnrnO1U18YETo71N5Z6HpvaV5/XWLUl81wovddpVRvwbwuFP bJE506UiQJrthPKi6s670VBV6u5I+5+h6D+CHp1xp0Bq8PLz0EwqjZwOiLAByBT/ryD2ZY8+ 2rP9gphnEBcCtyp6Fz6Q0KyutpCPv94b4OU0eUTvl3Nroq2GWGGHAV+8r1uXpqdNSHxYmQgy b3H1dvObmE37L3BWrVNzeFb0USNiV04up/55QUrqrz7kLdBO0ZVMVLU3j7e48KcbJG2yzNHZ dnQa+ZMMIRFtm8vzSt+jEIwodi6nOeBgEiqODF8TZPbTc6183ErFoYc/FuhkUh0aR0MLZ92Q bPEJEHbVgJP1QKvNZ94QAK9KrF8hpdlSLTdlQptQ+pfKH2AyC1zyyrSxoxh56inKMgETXLVJ WmEYc1OCLWktUU0qQkCzo6umR7TNVZjx86L6jKKlFTptulQyFVaeaOU8DgFuiqnDXWn5E1cu bp1KCVU9TpBqIC7hN4ifJeY1lVoRGR+x+PCDeYgT+birtIanK5mqKzx74pbLeTTQZALqD8Hr UouxO41NyOGMv4BgZrr9z2ATIEIHZDLihKMEbF6LMjC6oCOgf51x6gV8doVw4ySNc3i/mk6h ztLQBhEc1q5SWfNgXcPDnzzoYsVJMSmV6yMCw3OEwtfZ0BYPQ6hihShOBKVQEHVnGbMIT4md V1S/axXDsLPFLkq1CxZ1L7N8Y5n2lUH00iSo+yWs7lhvt9WKl7sTewjXtibgrAC89uKvIyHe bA0GO9wojlwGAQboCMxZkkADgpHkDNvY675QLWaEs7+JJq4iWwojFh6QrDuOZmR3e9a5xZDb nQScTuPWvhZUtq7ZNZxmjPDdSUomSHe/ahBd+FHNKbgumN3PuXitFTg7LozIZV05oVv9arMs 9KyKGOS6rbim5C3Nx+MitMdr2Vh3tRfHugy0iWFSX5ITkG/RH4fMOzJMgMz/SftZMwMOU4J/ RBiPRyeaMBMqwomg/7o+NjulWHrUlAX+DAsyVtV+K9OLkglikNQtkG0MuQINBFprf6sBEADO ANf22so7uoGcvok2TM/T8BHI5+TqHEc4hVe+JGGJ1ZnWlgtGmpOs0fOQj3WAgGI0ZmTqMuoz KF/K9ljbjaMXsLD+JIBTD4rINy60VX2zHhmWhNaOcJvq+wbuHx0tMbhqsTStGnSkvRhH61nc MqVqlTTTLVQQSxKl9D2l7ZGwEPLHRFlydTOOix+F+Y1ehxYLVaPkaycs8wvgjYsDLo3T8Tmu OL+rcEfvxJ6lT2V5I51xqievqoBazAfXvA8FW/0G+Z9LUJmViOVluWg3xjP8okKYgOkOeX00 vMBCVaiEA08oaxY0ebS7uBEgppjWSwn+WAhB+6spd67d4W+DmAnM262lxFMhVYhXpfeV9zyg ULQOofdE6xtFkaxr/y8xQ4Bf7zX8ko6X9aFQFB/vc+zUtjzjg4VaQvWrThjaHlbEKR55MDxJ u2T9S7g5bR4zxZNv36gwlIdmx33a1AeR1nGcWa/7OtoS53+lUwyFVWLOnucqKh71Y38AAMd5 L9Fsb+ArQem71knEUTC+HvBGkPb2Y2PzGnnzhZyC8zgE8AjVD0wB+RMDNI3+fIW6biKAHDqr S6ZCVkzJ1R9nOjXMHRYZ5qlG+rCOeu6Jp4yNwp46z4PqiiLJ9NtmdNttLCEn5PDVF3g9g811 JcadvFVH1ZELoDGWMg3Q+QOHQBFYj7cj2QARAQABiQI8BBgBCgAmAhsMFiEEqPe6UEHhMzOc uhaWdtWAk/VAq80FAlxe8S0FCQLgv4EACgkQdtWAk/VAq81y0Q//YAbM50BQSjWAyVk52AMv PDEalSOau9jd1zllgurs1+BD4eWkNOJtN9BKaR5pd5VsjYPhL6ypUv/lRsyDPM3h7knuCZmI XYSBkloDqutZ020kR1jNhIZLL3Nma1xqh+oMsB7M+1AcT+Nlez74WgYjNyb7uuFWr99pUBuJ KbVjBq772Jjz3U0q7sa35wQvLaMC+AG/8L+e/fos6jgJhvIq2QeVLuVyeKVlEEO6tpe07Q+e mdCNu4l5eNbWAuvOgvtbVCLz5C4nLNZzr27u0thXzVhZ8ovAzdQTx6d6X4YI3fwBhPxXpqkg eTo3+B8D5lKUgkSZ9xTo+JP9yjCWwytezTL3oElL5LBVlYxdnpDWwOx8rCIgi5OlfVwU03/P O7IrEkqU5jvhZYT4c5/ktCx99kJcYwPUbT4wuhI1JnXyILrtmfC9a0vK8hpIUP4HU9GJTnVH Bl/XZZ6OJWEmSlJWm8KbageOcfLewc3BdWFnY6k5TmrzsFbamaBOgZmJgkNgylEyTjxVnLTk i5wciAp+N9K+tOP5FvgR943RSESZrxHo+XAV+BAK6K6Oae/jlrzGzNLAyJKWjefhyGL3AOru EBhSQaRemp/IUmyKREfowz3f8Lw2NFyJuWGzDgo9/1fmqmZ1JegtfWw0uPHB/rooajODBaol obxU65Qt1SOk2Ws=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Fri, 22 Feb 2019 11:11:00 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=rujqRD L6q1ozb1I7OJfT7PVNjBeBLq7xQwsOQE0pw+I=; b=K3IfKhYlawLrsoH88lKTev J4yQNWHqYKoDV4iJK/W7AD7RvnUR1tO6ftkMQ2juUmY91S/YFm2BhBfWPkJuGHCz 8DC/1aJXXL/hBZdbrY3QOhpTFJoDTuYl0LooLv48AT8/wRAvNTsNGhh6H7fmSda2 kqhh/DTJ7ImScJKgReU4S5vCF8WqBa8P9Z4y5SeyY4QvDQKy2jJB2IJI+waIhgsS G2dLZ4OCIdauZtEbk3LII3D333NwROAKBvVpgYVJgREHn2cNc2mdK7yipOXk+aOf zDaaNiYCZ2mPFKEnLvS8Ilqkw515WQhdd/fojJeNnysE8r+hYxkB4zwC2o7x++ZQ ==
- In-reply-to: <CAKDKvuy_KR7dpoa9wAMuUd=ON-84XF8o1qZdNrV_msd+fk6-ZA@mail.gmail.com>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Organization: Tor Project
- References: <4daa36ef-f422-0e28-f167-96f91bdd795c@torproject.org> <F569B94E-E6BE-4C55-B365-F050AEA9247E@riseup.net> <CAKDKvuy_KR7dpoa9wAMuUd=ON-84XF8o1qZdNrV_msd+fk6-ZA@mail.gmail.com>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
Hi all,
On 22/02/2019 12:29, Nick Mathewson wrote:
>> I had to read this paragraph twice to understand it.
>> The way it's written, it sounds like we're doing a bad thing.
>> (Until I read the "security" section at the end of the proposal.)
>>
>> Can you mention the positive aspects in the Abstract?
Rewritten this.
> Instead I'd go with a phrasing like,
> "Authorities will continue computing consensus package lines in the
> consensus if the consensus method is between 19 and (N-1). If the
> consensus method is N or later, they omit these lines."
This sounds good too.
Updated draft is attached.
Thanks,
Iain.
Filename: xxx-dont-vote-on-package-fingerprints.txt
Title: Don't include package fingerprints in consensus documents
Author: Iain R. Learmonth
Created: 2019-02-21
Status: Open
Ticket: #28465
0. Abstract
I propose modifying the Tor consensus document to remove
digests of the latest versions of package files. These "package"
lines were never used by any directory authority and so add
additional complexity to the consensus voting mechanisms while
adding no additional value.
1. Introduction
In proposal 227 [1], to improve the integrity and security of
updates, a way to authenticate the latest versions of core Tor
software through the consensus was described. By listing a location
with this information for each version of each package, we can
augment the update process of Tor software to authenticate the
packages it downloads through the Tor consensus. This was
implemented in tor 0.2.6.3-alpha.
When looking at modernising our network archive recently [2], I
came across this line for votes and consensuses. If packages are
referenced by the consensus then ideally we should archive those
packages just as we archive referenced descriptors. However, this
line was never present in any vote archived.
2. Proposal
We deprecate the "package" line in the specification for votes.
Directory authorities stop voting for "package" lines in their
votes. Changes to votes do not require a new consensus method, so
this part of the proposal can be implemented separately.
We allocate a consensus method when this proposal is implemented.
Let's call it consensus method N.
Authorities will continue computing consensus package lines in the
consensus if the consensus method is between 19 and (N-1). If the
consensus method is N or later, they omit these lines.
3. Security Considerations
This proposal removes a feature that could be used for improved
security but currently isn't. As such it is extra code in the
codebase that may have unknown bugs or lead to bugs in the future
due to unexpected interactions. Overall this should be a good
thing for security of Core Tor.
4. Compatability Considerations
A new consensus method is required for this proposal. The
"package" line was always optional and so no client should be
depending on it. There are no known consumers of the "package"
lines (there are none to consume anyway).
A. References
[1] Nick Mathewson, Mike Perry. "Include package fingerprints in
consensus documents". Tor Proposal 227, February 2014.
[2] Iain Learmonth, Karsten Loesing. "Towards modernising data
collection and archive for the Tor network". Technical Report
2018-12-001, December 2018.
B. Acknowledgements
Thanks to teor and Nick Mathewson for their comments and
suggestions on this proposal.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev