[tor-dev] prop224: Time Period Overlaps and Blinded Keys

George Kadianakis desnacked at riseup.net
Tue Jun 27 14:18:08 UTC 2017

teor <teor2345 at gmail.com> writes:

> Hi,
> The time period overlap section 2.2.4 in prop224 is under-specified:
> https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n821
> 1. During the overlap period, does the service use the new blinded key
> for the new period, and the old blinded key for the old period?
> I think the answer is yes, but this requires some deduction to work
> out.
> 2. If the overlap period starts when a service sees the first consensus
> with a new SRV, does the service stop using that SRV and blinded key:
> * at the end of the period?
>   (that is, exactly 36 hours after the earliest the overlap period
>    could possibly have started.)
> * exactly 36 hours after the SRV was first seen?
>   (that is, exactly 36 hours after the service started the overlap
>    period. For example, if the service fetched the consensus 2 hours
>    after it was created, it would end 2 hours after the end of the
>    period.)
> * when the first reveal consensus is received with that SRV as the
>   previous SRV? (or some similar consensus-driven event)
> Does every service on a tor instance start the overlap at the same
> time?

Hey teor,

thanks for the good questions!

Your questions made us rethink the overlap logic, and check the code to
see whether it conforms with the spec. Apparently the code logic is
quite different from the spec. I opened two tickets to track progress in
this area:

#22736: Update spec wrt overlap behavior of HSes
#22735: HS desc overlap period func uses absolute times instead of slots

More information about the tor-dev mailing list