[tor-bugs] #2628 [Tor Client]: Be smarter about launching connections to authorities to learn about clock skew

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 1 09:35:26 UTC 2011


#2628: Be smarter about launching connections to authorities to learn about clock
skew
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:                  
     Type:  enhancement  |         Status:  new             
 Priority:  normal       |      Milestone:  Tor: unspecified
Component:  Tor Client   |        Version:                  
 Keywords:  easy         |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by Sebastian):

 Generally the way I think it should work is that if we learn from a
 certain fraction of sources of time we have access to (our bridges, our
 guards/directory guards) that our clock is skewed we should try to get an
 opinion with higher authority. This could be either a few more directory
 mirrors, or directory authorities (depending on how much we've learned so
 far). Once we're pretty sure our time is wrong we should warn the user.

 Additionally, I think we should implement that config option that allows
 you to say "my clock is skewed by X seconds". To go along with it, there
 should be an option to automatically adjust that configuration value as we
 learn about clock skew from a reliable source (n directory authorities for
 example). This could be turned on for TBB and live CDs etc, basically for
 Tor setups that are supposed to work anywhere without the necessary admin
 rights/VM controls/etc required to change the system time.

 A few more things to consider here are:
  * Bridge users: Making direct connections to the directory authorities is
 not only not feasible, but also actively harmful. Any solution that we
 come up with should take this into account by either special-casing bridge
 users or not requiring direct connections to the directory authority. Same
 goes for regular clients who picked directory guards (once we have them).
  * Directory authority load: If a bunch of relays have the wrong time and
 clients connect to directory authorities too often, this will be a big
 overhead (because we'd want the time data to be authenticated).
  * Implementation complexity: If we only do the first idea I presented
 above, the complexity is likely too high for not enough gain. If we do the
 latter however we need it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2628#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
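
The tiered escalation described in the comment above, sketched in C as an added example (it is not Tor's code and not part of the ticket). All type and function names, the 1800-second tolerance, the majority rule and the confirming count of 3 are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Sketch only: every name and threshold here is hypothetical, not Tor's. */
typedef enum { SRC_LOCAL, SRC_MIRROR, SRC_AUTHORITY } tier_t; /* LOCAL = bridges, guards */
typedef struct { tier_t tier; long skew_sec; } skew_obs_t;    /* their clock minus ours */
typedef enum { SKEW_OK, SKEW_ASK_MIRRORS, SKEW_ASK_AUTHORITIES,
               SKEW_WARN_USER } skew_action_t;

#define SKEW_TOLERANCE_SEC 1800 /* assumed: smaller offsets are ignored */
#define MIN_CONFIRMING     3    /* assumed "n" sources needed to confirm */

/* Count reports from one tier; *skewed gets how many exceed the tolerance. */
static size_t tally(const skew_obs_t *o, size_t n, tier_t tier, size_t *skewed)
{
  size_t total = 0;
  *skewed = 0;
  for (size_t i = 0; i < n; i++) {
    if (o[i].tier != tier) continue;
    total++;
    if (labs(o[i].skew_sec) > SKEW_TOLERANCE_SEC) (*skewed)++;
  }
  return total;
}

/* Escalate one tier at a time; bridge users never get ASK_AUTHORITIES. */
skew_action_t skew_next_action(const skew_obs_t *o, size_t n, int uses_bridges)
{
  size_t bad_local, bad_mirror, bad_auth;
  size_t n_local = tally(o, n, SRC_LOCAL, &bad_local);
  size_t n_mirror = tally(o, n, SRC_MIRROR, &bad_mirror);
  size_t n_auth = tally(o, n, SRC_AUTHORITY, &bad_auth);

  if (bad_auth >= MIN_CONFIRMING) return SKEW_WARN_USER;  /* authorities agree */
  if (n_auth >= MIN_CONFIRMING) return SKEW_OK;  /* they answered; don't re-ask (load) */
  if (n_local == 0 || bad_local * 2 <= n_local) return SKEW_OK; /* no local majority */
  if (n_mirror < MIN_CONFIRMING) return SKEW_ASK_MIRRORS; /* cheap second opinion */
  if (bad_mirror * 2 <= n_mirror) return SKEW_OK;         /* mirrors disagree */
  /* Mirrors confirm. Bridge users stop here instead of connecting directly. */
  return uses_bridges ? SKEW_WARN_USER : SKEW_ASK_AUTHORITIES;
}

int main(void)
{
  /* Constructed sample: two of three guards report our clock ~2h behind. */
  const skew_obs_t obs[] = { {SRC_LOCAL, 7200}, {SRC_LOCAL, 7190}, {SRC_LOCAL, 5} };
  return skew_next_action(obs, 3, 0) == SKEW_ASK_MIRRORS ? 0 : 1;
}
```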

