[tor-dev] Proposal xxx: Consensus Hash Chaining

Nick Mathewson nickm at alum.mit.edu
Sat Jan 10 20:50:32 UTC 2015


On Tue, Jan 6, 2015 at 1:54 PM, Sebastian G. <bastik.tor>
<bastik.tor at googlemail.com> wrote:
> 06.01.2015, 18:51 Andrea Shepard:
>> Here's a proposal Nick Mathewson and I just wrote for ticket #11157.
>>
>> [...]
>> 1. Introduction and overview
>>
>> To avoid some categories of attacks against directory authorities and their
>> keys, it would be handy to have an explicit hash chain in consensuses.
>>
>> 2. Directory authority operation
>>
>> We add the following field to votes and consensuses:
>>
>>         previous-consensus ISOTIME [SP HashName "=" Base16]* NL
>>
>> where HashName is any keyword.
>>
>> [...]
>
> To quote Nick Mathewson "I forget what else this was supposed to be good
> for." (see the ticket)
>
> I fail to see what kind of attacks would be prevented/avoided.

The point of this proposal is to make some kinds of attacks more
easily detected.  Right now, an attacker who somehow managed to steal
or compromise a majority of authority signing keys (which we really
hope is hard to do) could generate their own consensuses, and feed
them to targeted clients.  The rest of the network wouldn't
necessarily notice.

With this proposal, the attacker would need to keep any targeted
client misfed indefinitely, since if you didn't, the clients would
eventually get a good consensus and realize that the previous one was
bogus.  This would raise the cost of such an attack, and raise the
odds of it being detected.

At least, that's the theory.
-- 
Nick
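
The detection described in the reply above, sketched as an added example (not code from the proposal, from Tor, or from either author): a client that was fed a forged consensus compares it against the previous-consensus line of the next one it receives. The T-separated ISOTIME, the "sha256" hash name, hashing the whole previous document, and all function names are assumptions made for illustration.

```python
import hashlib
import re

# Field from the proposal: previous-consensus ISOTIME [SP HashName "=" Base16]* NL
# Assumption: ISOTIME is written YYYY-MM-DDTHH:MM:SS, with no embedded space.
_LINE = re.compile(
    r"^previous-consensus (\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"
    r"((?: [A-Za-z0-9-]+=[0-9A-Fa-f]+)*)$"
)

def parse_previous_consensus(line):
    """Return (isotime, {hashname: lowercase hex}) for one field line."""
    m = _LINE.match(line.rstrip("\n"))
    if m is None:
        raise ValueError("malformed previous-consensus line")
    digests = {}
    for item in m.group(2).split():
        name, _, value = item.partition("=")
        if name in digests:
            raise ValueError("duplicate hash name: " + name)
        digests[name] = value.lower()
    return m.group(1), digests

def check_chain(new_doc, stored_prev_doc, stored_prev_time):
    """Classify new_doc against the consensus this client held before it."""
    links = [l for l in new_doc.splitlines()
             if l.startswith("previous-consensus ")]
    if len(links) != 1:
        return "no-link"
    when, digests = parse_previous_consensus(links[0])
    if when != stored_prev_time:
        return "gap"  # link names a consensus we never held; nothing to compare
    # Assumption: the digest covers the entire previous document.
    if "sha256" not in digests:
        return "no-usable-hash"
    ours = hashlib.sha256(stored_prev_doc.encode()).hexdigest()
    return "ok" if digests["sha256"] == ours else "fork"

# Constructed sample documents (not real consensuses).
T0 = "2015-01-06T18:00:00"
GOOD_PREV = "network-status-version 3\nconstructed body: relay set A\n"
FORGED_PREV = "network-status-version 3\nconstructed body: relay set B\n"
NEXT = ("network-status-version 3\nprevious-consensus " + T0 + " sha256="
        + hashlib.sha256(GOOD_PREV.encode()).hexdigest() + "\n")

if __name__ == "__main__":
    print("honest client:", check_chain(NEXT, GOOD_PREV, T0))    # ok
    print("misfed client:", check_chain(NEXT, FORGED_PREV, T0))  # fork
```

A "fork" result is the signal the reply refers to: the client held a document for that time slot that the later consensus does not chain to.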

