[tor-bugs] #25552 [Core Tor/Tor]: prop224: Onion service rev counters are useless and actually harmful for scalability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 7 15:41:45 UTC 2018
#25552: prop224: Onion service rev counters are useless and actually harmful for
scalability
-----------------------------------------------+---------------------------
Reporter: asn | Owner: dgoulet
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.4.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.1.9
Severity: Normal | Resolution:
Keywords: tor-hs prop224 034-roadmap-master | Actual Points:
Parent ID: | Points: 4
Reviewer: asn | Sponsor:
-----------------------------------------------+---------------------------
Comment (by nickm):
I've reviewed the PR. The biggest issue is related to the use of "\n"
signature_str, which I believe should be "\n" signature_str " " instead.
Other issues not on the PR:
1. How hard is it to DoS this into an OOM condition? Do we need to tie it
into the OOM system? And by doing so, do we subject ourselves to replay
attacks once again?
2. On point 1: perhaps the replay cache should be thought of, not as a
complete replacement for revision counters, but as an alternative to them
when they cannot be used? That is, we could enforce the rule that
revision counters are ''non-decreasing'', but allow revision counters to
remain equal, and use the replay cache to handle only the "equal counter"
case.
That way if we need to rip out the cache because of OOM issues in the
future, or if we solve the problem of coordinating revision counters
between distributed HS providers, we aren't stuck with the cache forever.
3. As above, the unit tests need fixing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25552#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list