[tor-bugs] #4271 [Torflow]: Perform some integrity checking in bw auth fetches

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Dec 19 03:24:55 UTC 2011

#4271: Perform some integrity checking in bw auth fetches
 Reporter:  mikeperry  |          Owner:  mikeperry
     Type:  defect     |         Status:  new      
 Priority:  normal     |      Milestone:           
Component:  Torflow    |        Version:           
 Keywords:             |         Parent:           
   Points:             |   Actualpoints:           

Comment(by aagbsn):

 Replying to [comment:3 mikeperry]:
 > The repo is fine for storing the certificates. Though you'll note in
 mikeperry/pid_control I added the ability to randomly choose one url from
 a list of URLs. We need to support multiple URLs for that.
 We just need to concatenate all signing certs/signing CA's into the same
 cacert file.

 > As for making noise.. Hrmm.. Let's do baby steps for that. Any
 incremental improvement on validation is good here, but we don't want to
 allow arbitrary SSL MITMs to break or otherwise delay the bw scan, and
 finding them is the exit authority's job.
 If the certificate does not validate (SSL MITM), the scan of that host is
 aborted. I suspect that having some hosts effectively unscanned is

 > Therefore, I think "log a WARN in bwauthority_child, but fallback to
 unverified download" is the best option.
 I agree.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4271#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list