06.01.2015, 18:51 Andrea Shepard:
Here's a proposal Nick Mathewson and I just wrote for ticket #11157.
[...]
- Introduction and overview
To avoid some categories of attacks against directory authorities and their keys, it would be handy to have an explicit hash chain in consensuses.
- Directory authority operation
We add the following field to votes and consensuses:
previous-consensus ISOTIME [SP HashName "=" Base16]* NLwhere HashName is any keyword.
[...]
To quote Nick Mathewson "I forget what else this was supposed to be good for." (see the ticket)
I fail to see what kind of attacks would be prevented/avoided.
It's just "we authorities agree that we know these previous consensuses" isn't it?
Let's say one gets a copy from some authorities' key(s), blocks access to it/them, forges the IP addresses as they are hardcoded and then he makes them give the Guard flag to some relays he controls. Those consensuses would contain the previous hashes as well.
OK that might not be the case it should work against, but I fail to understand what it adds to security since an attacker would have access to the previous consensuses as well and therefore be able to create a hash of it.
I understand that it allows the network to notice if I feed it a valid consensus (because I got enough of the right keys to sign it) that doesn't include any or wrong hashes of previous consensuses.
Nevertheless it wouldn't do any damage either, beside what was mentioned in the security implications.
Best Regards, Sebastian G.