[tor-bugs] #21673 [Core Tor/Tor]: prop140: Handle signatures correctly
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 3 19:32:10 UTC 2017
#21673: prop140: Handle signatures correctly
---------------------------------------+-----------------------------------
 Reporter:  nickm                      |  Owner:          nickm
 Type:      defect                     |  Status:         closed
 Priority:  Medium                     |  Milestone:      Tor: 0.3.1.x-final
 Component: Core Tor/Tor               |  Version:
 Severity:  Normal                     |  Resolution:     worksforme
 Keywords:  prop140 TorCoreTeam201705  |  Actual Points:  .2
 Parent ID: #13339                     |  Points:         .1
 Reviewer:                             |  Sponsor:        Sponsor4
---------------------------------------+-----------------------------------
Changes (by nickm):
* keywords: prop140 => prop140 TorCoreTeam201705
* actualpoints: .1 => .2
Comment:

Actually, there was an additional corner-case here, that we fixed by a
proposal patch in torspec commit 28816242f9eaa5509dc400a48ade1e7c4a591717.

The problem was that clients would, when contacting caches, identify
consensuses by the sha3 digest of the entire consensus, including
signatures. But there are multiple valid encodings for a set of
signatures, meaning that a malicious cache could serve each client a
different encoding, and recognize the clients using the sha3 digests in
their requests.

The first part of the solution is to fetch consensus diffs based only on
the consensus's digest-as-signed: the digest of the consensus with no
signatures on it.

The second part of the solution is to generate diffs using the <n>,$d
format to first remove all trailing signatures, so that the diffs will
apply to any valid consensus, no matter how the signatures are encoded.

See #22143 for implementation work here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21673#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
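
Added example (not part of the ticket comment and not Tor's own code): a Python sketch of the two fixes described above, run over a constructed mini-consensus. Assumptions: signature order stands in for "a different valid encoding", the signed portion is taken to end where the first directory-signature line begins, and all function names are hypothetical.

```python
import hashlib

# Constructed sample, not a real consensus: a signed body plus two signatures.
BODY = ("network-status-version 3\n"
        "vote-status consensus\n"
        "r relay1 AAAA 192.0.2.1 9001 0\n"
        "directory-footer\n")
SIG_A = ("directory-signature ID_A KEY_A\n-----BEGIN SIGNATURE-----\n"
         "c2lnLWE=\n-----END SIGNATURE-----\n")
SIG_B = ("directory-signature ID_B KEY_B\n-----BEGIN SIGNATURE-----\n"
         "c2lnLWI=\n-----END SIGNATURE-----\n")
# Assumption: reordering the signatures yields another acceptable encoding.
ENCODING_1 = BODY + SIG_A + SIG_B
ENCODING_2 = BODY + SIG_B + SIG_A

def first_signature_line(consensus):
    """Return the 1-based number of the first directory-signature line."""
    for number, line in enumerate(consensus.splitlines(), start=1):
        if line.startswith("directory-signature "):
            return number
    raise ValueError("no directory-signature line found")

def full_digest(consensus):
    """SHA3-256 over everything, signatures included (the old identifier)."""
    return hashlib.sha3_256(consensus.encode()).hexdigest()

def digest_as_signed(consensus):
    """SHA3-256 over the consensus with its signatures removed."""
    keep = first_signature_line(consensus) - 1
    signed = "".join(consensus.splitlines(keepends=True)[:keep])
    return hashlib.sha3_256(signed.encode()).hexdigest()

def strip_command(consensus):
    """Build the ed-style '<n>,$d' command that deletes all signatures."""
    return f"{first_signature_line(consensus)},$d"

def apply_strip(consensus, command):
    """Apply an '<n>,$d' command: drop line n through the last line."""
    if not command.endswith(",$d"):
        raise ValueError("expected a command of the form '<n>,$d'")
    n = int(command[:-3])
    return "".join(consensus.splitlines(keepends=True)[:n - 1])

if __name__ == "__main__":
    print("full digests equal:     ", full_digest(ENCODING_1) == full_digest(ENCODING_2))
    print("as-signed digests equal:", digest_as_signed(ENCODING_1) == digest_as_signed(ENCODING_2))
    print("leading diff command:   ", strip_command(ENCODING_1))
```

The full digests differ between the two encodings while the as-signed digests match, and the same leading command reduces both encodings to an identical base for the rest of a diff to apply to.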