[tor-bugs] #11454 [Tor]: If two auth certs are both old but were generated nearby in time, we keep both

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 9 06:03:49 UTC 2014


#11454: If two auth certs are both old but were generated nearby in time, we keep
both
------------------------+--------------------------------
     Reporter:  arma    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------

Comment (by arma):

 I think maybe this line wanted to be
 {{{
 -            (cert_published + OLD_CERT_LIFETIME < newest_published)) {
 +            (newest_published + OLD_CERT_LIFETIME < now)) {
 }}}
 so we wait 7 days before deleting any unexpired certs, in case we see them
 again (and earlier in the function we ensure that we never delete the
 newest cert for a given authority).

 Does that sound plausible?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11454#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list