[tor-bugs] #15642 [Tor]: Disable default fallback directories when DirAuthorities, AlternateDirAuthority, or FallbackDir are set

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 22 12:04:46 UTC 2015


#15642: Disable default fallback directories when DirAuthorities,
AlternateDirAuthority, or FallbackDir are set
------------------------+----------------------------------
     Reporter:  teor    |      Owner:  teor
         Type:  defect  |     Status:  needs_information
     Priority:  minor   |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor     |    Version:  Tor: 0.2.4.7-alpha
   Resolution:          |   Keywords:  tor-client tor-relay
Actual Points:          |  Parent ID:
       Points:          |
------------------------+----------------------------------
Changes (by teor):

 * status:  needs_review => needs_information


Comment:

 See also https://lists.torproject.org/pipermail/tor-
 dev/2015-April/008682.html
 in which I say:

 {{{
 I am also concerned that this general area of the code lacks unit tests,
 which it might be wise to include before we effectively activate it for
 the first time.
 ...
 there's currently no coverage for the function that adds fallback
 directories. (In fact, I mock it in my unit tests, because I need it to do
 *something* so I know if it has been called or not.)
 ...
 The function which loads fallback directories currently loads from a
 string array inside the function, so it would need to be modified to load
 from a signed file. I support the security benefits of signed fallback
 directories enough to write client code and unit tests for it, but I'm not
 sure how the code for the authorities would work - is the proposal to sign
 a section of the consensus, and output it as a separate file?

 If so, we would either need to backport, and/or wait until a majority of
 the authorities update to tor versions with the feature. And perhaps a
 majority of clients as well, controlled by a consensus parameter?
 (Otherwise, using any entry in the file itself would allow clients to
 effectively be partitioned from the rest of the network by their
 behaviour.)

 While I'm making a list, do we need to modify the existing proposal which
 describes fallback directories?

 Is this change proposed for 0.2.7?
 Or all currently supported releases?
 }}}

 Also:

 Do we need a new configuration option to give the location of the (signed)
 Fallback Directories file?
 How should this interact with the existing `FallbackDir` option?
 Cumulative?

 I'm happy to open a new issue for these questions/changes, once we have
 some idea what we'd like to do about them.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15642#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list