[tor-commits] [tor/master] No longer advertise or negotiate any consensus method before 13.
nickm at torproject.org
nickm at torproject.org
Tue Aug 26 13:44:28 UTC 2014
commit df99ce23952d76c0ad8265de250e30946c57eff9
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Aug 15 17:51:16 2014 -0400
No longer advertise or negotiate any consensus method before 13.
Implements proposal 215; closes ticket 10163.
Why? From proposal 215:
Consensus method 1 is no longer viable for the Tor network. It
doesn't result in a microdescriptor consensus, and omits other
fields that clients need in order to work well. Consensus methods
under 12 have security issues, since they let a single authority
set a consensus parameter.
...
For example, while Tor 0.2.4.x is under development, authorities
should really not be running anything before Tor 0.2.3.x. Tor
0.2.3.x has supported consensus method 13 since 0.2.3.21-rc, so
it's okay for 0.2.4.x to require 13 as the minimum method. We even
might go back to method 12, since the worst outcome of not using 13
would be some warnings in client logs. Consensus method 12 was a
security improvement, so we don't want to roll back before that.
---
src/or/dirvote.c | 8 +++++---
src/or/dirvote.h | 3 +++
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 30f1321..cec13c4 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -110,7 +110,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
char *params;
authority_cert_t *cert = v3_ns->cert;
char *methods =
- make_consensus_method_list(1, MAX_SUPPORTED_CONSENSUS_METHOD, " ");
+ make_consensus_method_list(MIN_SUPPORTED_CONSENSUS_METHOD,
+ MAX_SUPPORTED_CONSENSUS_METHOD, " ");
format_iso_time(published, v3_ns->published);
format_iso_time(va, v3_ns->valid_after);
format_iso_time(fu, v3_ns->fresh_until);
@@ -537,7 +538,8 @@ compute_consensus_method(smartlist_t *votes)
static int
consensus_method_is_supported(int method)
{
- return (method >= 1) && (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
+ return (method >= MIN_SUPPORTED_CONSENSUS_METHOD) &&
+ (method <= MAX_SUPPORTED_CONSENSUS_METHOD);
}
/** Return a newly allocated string holding the numbers between low and high
@@ -1346,7 +1348,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
log_warn(LD_DIR, "The other authorities will use consensus method %d, "
"which I don't support. Maybe I should upgrade!",
consensus_method);
- consensus_method = 1;
+ consensus_method = MAX_SUPPORTED_CONSENSUS_METHOD;
}
/* Compute medians of time-related things, and figure out how many
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index 4c57e43..c9ea987 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -21,6 +21,9 @@
/** Smallest allowable voting interval. */
#define MIN_VOTE_INTERVAL 300
+/** The lowest consensus method that we currently support. */
+#define MIN_SUPPORTED_CONSENSUS_METHOD 13
+
/** The highest consensus method that we currently support. */
#define MAX_SUPPORTED_CONSENSUS_METHOD 18
More information about the tor-commits
mailing list