[tor-dev] Are we planning to use the "package" mechanism?

Roger Dingledine arma at mit.edu
Fri Jun 16 18:15:57 UTC 2017

On Fri, Jun 16, 2017 at 02:08:53PM -0400, Nick Mathewson wrote:
> With proposal 227 in, we added a way for authorities to
> vote on e.g. the latest versions of the torbrowser package.
> It appears we aren't actually using that, though.  Are we planning to
> use it in the future?

Last I checked, the authority operators were uncomfortable with the
slippery slope of "everybody who has some sort of package sends us their
filename and checksums", because then every Tor client and relay fetches
that text every hour forever, and we could imagine that blob of text
growing out of hand.

That said, having the directory authorities vote about a checksum
of a file, and that file contains all the things, and somebody else
coordinates what goes in that file, how to handle name spaces in it,
etc, sounds like it could be totally doable.

That said, from the directory authority perspective, we would want to
automate the process of voting about that file -- not have the authority
operators manually check the file and change the sha256 every time
somebody updates it.

For example, we could wget the file and then put the checksum into our
votes, thus giving some sort of primitive perspective-access-network
style robustness.

I don't know what this approach would do to the security assumptions
from that proposal though.
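
The automated fetch-and-vote idea in the message above, sketched as an added example that is not part of the original post or of Tor's code: each authority hashes the bytes it fetched, and a checksum is accepted only when a strict majority of authorities saw the same bytes. The majority rule, the authority names, the placeholder URL and the line layout (loosely modelled on proposal 227's package lines) are assumptions.

```python
import hashlib
from collections import Counter

# Hypothetical identifiers; the URL is a placeholder, not a real location.
NAME, VERSION = "package-manifest", "1"
URL = "https://manifest.example/packages.txt"

def vote_line(body: bytes) -> str:
    """Line one authority would put in its vote after fetching the file."""
    digest = hashlib.sha256(body).hexdigest()
    return f"package {NAME} {VERSION} {URL} sha256={digest}"

def tally(fetched: dict, n_authorities: int):
    """Return the line voted by a strict majority of all authorities, else None.

    `fetched` maps authority name -> bytes it downloaded, or None when the
    fetch failed (that authority then omits the line from its vote).
    """
    votes = Counter(vote_line(b) for b in fetched.values() if b is not None)
    if not votes:
        return None
    line, count = votes.most_common(1)[0]
    # Assumed rule: more than half of ALL authorities, not just of those voting.
    return line if count > n_authorities // 2 else None

# Constructed sample inputs: the manifest as published, and a variant that
# one network vantage point received instead.
GOOD = b"torbrowser <version> <url> sha256=<digest>\n"
TAMPERED = GOOD + b"unexpected-entry <version> <url> sha256=<digest>\n"

def scenario_one_bad_path():
    """7 of 9 authorities see the same bytes, 1 sees others, 1 fetch fails."""
    fetched = {f"auth{i}": GOOD for i in range(7)}
    fetched["auth7"] = TAMPERED
    fetched["auth8"] = None
    return tally(fetched, 9)

def scenario_split():
    """4 vs 4 with one failure: no checksum reaches a majority."""
    fetched = {f"auth{i}": GOOD for i in range(4)}
    fetched.update({f"auth{i}": TAMPERED for i in range(4, 8)})
    fetched["auth8"] = None
    return tally(fetched, 9)

if __name__ == "__main__":
    print(scenario_one_bad_path())
    print(scenario_split())
```

The sketch only shows agreement across vantage points; it says nothing about whether the agreed-upon file is the one its publisher intended, which is the open question about security assumptions raised at the end of the message.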


