[tor-bugs] #11458 [Tor]: A newer signing cert should innoculate us against older ones?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 9 09:10:22 UTC 2014
#11458: A newer signing cert should innoculate us against older ones?
----------------------------+------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Keywords: needs-proposal | Actual Points:
Parent ID: | Points:
----------------------------+------------------------------------
Sometime in the past year or two somebody might have stolen 7 of the 9
active directory signing keys. They don't expire for several months or
more.
If the existing directory authorities rotate to new signing keys, that
doesn't really change the fact that older ones remain valid.
If we change Tor to look at its cached-certs and refuse to believe in a
signing key if it's convinced there's a newer one, then we can invalidate
older ones by generating newer ones.
That approach wouldn't protect users who are bootstrapping for the first
time, but it would protect them if they'd already bootstrapped. Is this a
worthwhile improvement?
Note that we'd have to sort out edge cases like #11457 -- basically in
this case it would mean that if you ever generate a signing key too far in
the future and then also want to go back to an earlier one, you're fucked.
But has anybody ever needed to do that?
To tolerate rotation better, we'd want the logic to be something like the
suggested fix in #11454: only disbelieve a cert if a) we have a newer one
and b) the one we're disbelieving is sufficiently older than now.
We could also think about shipping with a cached-certs file to keep
raising the bar as users upgrade.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11458>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list