[tor-bugs] #28184 [Core Tor/Tor]: Reload is additive with regards to new v3 HS client authorizations but it won't subtract deleted ones

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 7 20:56:08 UTC 2018 

#28184: Reload is additive with regards to new v3 HS client authorizations but it
won't subtract deleted ones
--------------------------+------------------------------------
 Reporter:  jchevali      |          Owner:  haxxpop
     Type:  defect        |         Status:  needs_information
 Priority:  Medium        |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.5.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  asn           |        Sponsor:
--------------------------+------------------------------------

Comment (by haxxpop):

 Replying to [comment:9 dgoulet]:
 > 2. Clearing our descriptor cache (client side):
 >
 >  This is a bit more interesting because if the client authorization for
 A.onion changed then the old descriptor is not usable anymore meaning we
 won't be able to decrypt it.
 >
 >  There lies another issue. I don't think we have that feature which is
 if a client looks up a descriptor in its cache and can not decrypt it, we
 should purge it and refetch it. A client does NOT store a descriptor that
 it can't decode so at least that is that. But this situation can happen if
 we change the client auth for A.onion and SIGHUP.
 >
 > All in all, we could reduce the complexity of this patch by simply
 adding a way to "purge a undecodable descriptor in our cache" which will
 lead to fetching the new descriptor and using the new client
 authorization.
 >
 > We would ignore the closing the circuits because if there is an RP
 circuit for A.onion, great we use it.

 I would like to add some opinion here. I think "refetching when the client
 can't decode or can't use the IPs" should be considered not client auth
 related.

 I mean we should refetch only when we can't decode or can't use the IPs.
 It shouldn't be triggered by anything else like when the client change the
 auth config, or anything else. Otherwise, I think the code will be too
 complex.

 ps. I use the word "refetch" instead of "clear cache" because I think the
 meanings are similar.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28184#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list