[tor-bugs] #18318 [Tor]: Make sure keys and IP:Ports are unique in a consensus

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 16 04:37:47 UTC 2016 

#18318: Make sure keys and IP:Ports are unique in a consensus
-------------------------------+------------------------------------
 Reporter:  teor               |          Owner:
     Type:  defect             |         Status:  new
 Priority:  Very High          |      Milestone:  Tor: 0.2.7.x-final
Component:  Tor                |        Version:
 Severity:  Blocker            |     Resolution:
 Keywords:  TorCoreTeam201602  |  Actual Points:
Parent ID:  #17668             |         Points:
  Sponsor:                     |
-------------------------------+------------------------------------

Comment (by teor):

 https://trac.torproject.org/projects/tor/ticket/17668#comment:15

 In #17668 (comment 15), moria1 votes for two microdescriptors with:
 * (I can't compare RSA keys easily because they're microdescriptors)
 * the same Ed key,
 * the same IPv4 address and Port,
 * but only one of which is Running.

 This means that the current implementation breaks the above rules because:
 * it possibly allows duplicates of the same RSA key in votes, but I can't
 tell for sure,
 * it produces duplicates of the same Ed key in votes,
 * it doesn't parse its own votes, probably because they have duplicates of
 the same Ed key.

 It seems to respect the following rules:
 * if there are duplicate IPv4:Port entries, only one is marked Running.

 I don't know what it does for IPv6.

 The rules I wrote are ambiguous - I think these are more concise:
 * if an older descriptor with the same RSA/Ed/IPv4/Port is verified
 reachable, and a new descriptor arrives with the same RSA/Ed/IPv4/Port,
 authorities must vote the new details, and mark the relay Running;
 * but if one of the keys or the IPv4 or Port changes, authorities must
 discard the old descriptor and reset the reachability check, and only vote
 Running on the new descriptor if the authority has checked its
 reachability by voting time;
 * if both keys change but the IPv4/Port stays the same, authorities should
 vote for all keys claiming to own that IP:Port. Authorities must vote for
 and assign Running to whichever RSA/Ed key was most recently found
 reachable at that IP:Port.

 (And we should do the same for IPv6.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18318#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list