[tor-bugs] #18987 [Core Tor/Tor]: Ship a cached-certs file with Tor, to speed first bootstrap

[Tor Bug Tracker & Wiki]

#18987: Ship a cached-certs file with Tor, to speed first bootstrap
------------------------------+------------------------------
     Reporter:  arma          |      Owner:
         Type:  enhancement   |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: unspecified
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+------------------------------
 Motivated by #18816: it looks like in
 networkstatus_check_consensus_signature() we return success if there are
 "enough" signature on the consensus we get. So we could cut out the cert
 fetching step in initial bootstrap for all new Tors, by having an "if
 there is no cached-cert file, use this string instead" step.

 And this string would continue being good enough until quite a few of the
 authorities have rotated to a new cert.

 Minor issue #1: Tor 0.2.7.6 has now been out for five months. I bet quite
 a few of the certs have rotated by now. So we should keep in mind that
 this feature in stable releases will decay over time (and maybe we want a
 new stable every 4-6 months or something anyway). A fancier option would
 be to use an external file, and then Tor Browser could just make an
 updated version of the file as part of its release process.

 Minor issue #2: As the stables are decaying, does this feature open the
 user up to a partitioning attack? I think the answer might be "yes but a
 very minor one, so let's not worry about it."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18987>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online