[tor-bugs] #22498 [Core Tor/Tor]: Offline directory authorities need a way to post their certificate to other authorities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 5 16:28:24 UTC 2017
#22498: Offline directory authorities need a way to post their certificate to other authorities
------------------------------+----------------------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: very long term
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-auth, tor-auth-offline
Actual Points:                |  Parent ID:
       Points:  5             |   Reviewer:
      Sponsor:                |
------------------------------+----------------------------------------
We have wanted to be able to run (the signing parts of) a directory
authority offline for a while, because it's more secure.

So I have been experimenting with an offline (ORPort and DirPort
unreachable) directory authority on the test net.

Almost everything works: it posts votes, downloads votes from other
authorities, signs consensuses, and posts its signature. It could easily
do these things using a 3-hop Tor path.

But once its authority certificate expires, it has no way to post it to
the other authorities.

A workaround is to overwrite another authority's cached-certs file with
the missing authority certificate file. But this is nasty.

We should make authorities accept certificate posts, and post their
certificates to one another.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22498>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
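
An operator-side check for the expiry problem the ticket describes, as an added example that is not part of the ticket or of Tor's code: it reads authority key certificates in the keyword layout of Tor's dir-spec (`fingerprint`, `dir-key-expires`, times in UTC) and reports which authorities' newest certificate has expired or is about to. The function names, the 30-day warning window and the sample data (placeholder fingerprints, key and signature bodies omitted) are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: four certificates for three authorities.
# Fingerprints are placeholders; key and signature objects are left out.
SAMPLE_CACHED_CERTS = """\
dir-key-certificate-version 3
fingerprint AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
dir-key-published 2016-06-01 00:00:00
dir-key-expires 2017-06-01 00:00:00
dir-key-certificate-version 3
fingerprint AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
dir-key-published 2017-05-20 00:00:00
dir-key-expires 2018-06-01 00:00:00
dir-key-certificate-version 3
fingerprint BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
dir-key-published 2016-06-01 00:00:00
dir-key-expires 2017-06-01 00:00:00
dir-key-certificate-version 3
fingerprint CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
dir-key-published 2016-06-20 00:00:00
dir-key-expires 2017-06-20 00:00:00
"""

def parse_certs(text):
    """Return [{'fingerprint': str, 'expires': datetime}] for each complete cert."""
    certs, cur = [], None
    for line in text.splitlines():
        keyword, _, value = line.partition(" ")
        if keyword == "dir-key-certificate-version":
            cur = {}  # every certificate starts with this keyword
            certs.append(cur)
        elif cur is not None and keyword == "fingerprint":
            cur["fingerprint"] = value.strip()
        elif cur is not None and keyword == "dir-key-expires":
            when = datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
            cur["expires"] = when.replace(tzinfo=timezone.utc)
    return [c for c in certs if "fingerprint" in c and "expires" in c]

def expiry_report(certs, now, warn=timedelta(days=30)):
    """Map each authority fingerprint to 'ok', 'expiring' or 'expired'."""
    newest = {}
    for c in certs:  # a file may hold old and new certs for one authority
        fp = c["fingerprint"]
        newest[fp] = max(newest.get(fp, c["expires"]), c["expires"])
    report = {}
    for fp, expires in newest.items():
        left = expires - now
        report[fp] = ("expired" if left <= timedelta(0)
                      else "expiring" if left <= warn else "ok")
    return report
```
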