On Tue, Jan 6, 2015 at 1:54 PM, Sebastian G. <bastik.tor> bastik.tor@googlemail.com wrote:
06.01.2015, 18:51 Andrea Shepard:
Here's a proposal Nick Mathewson and I just wrote for ticket #11157.
[...]
- Introduction and overview
To avoid some categories of attacks against directory authorities and their keys, it would be handy to have an explicit hash chain in consensuses.
- Directory authority operation
We add the following field to votes and consensuses:
previous-consensus ISOTIME [SP HashName "=" Base16]* NLwhere HashName is any keyword.
[...]
To quote Nick Mathewson "I forget what else this was supposed to be good for." (see the ticket)
I fail to see what kind of attacks would be prevented/avoided.
The point of this proposal is to make some kinds of attacks are more easily detected. Right now, an attacker who somehow managed to steal or compromise a majority of authority signing keys (which we really hope is hard to do) could generate their own consensuses, and feed them to targeted clients. The rest of the network wouldn't necessarily notice.
With this proposal, the attacker would need to keep any targeted client misfed indefinitely, since if you didn't, the clients would eventually get a good consensus and realize that the previous one was bogus. This would raise the cost of such an attack, and raise the odds of it being detected.
At least, that's the theory.