[tor-bugs] #4271 [Torflow]: Perform some integrity checking in bw auth fetches

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Dec 19 03:24:55 UTC 2011


#4271: Perform some integrity checking in bw auth fetches
-----------------------+----------------------------------------------------
 Reporter:  mikeperry  |          Owner:  mikeperry
     Type:  defect     |         Status:  new      
 Priority:  normal     |      Milestone:           
Component:  Torflow    |        Version:           
 Keywords:             |         Parent:           
   Points:             |   Actualpoints:           
-----------------------+----------------------------------------------------

Comment(by aagbsn):

 Replying to [comment:3 mikeperry]:
 > The repo is fine for storing the certificates. Though you'll note in
 > mikeperry/pid_control I added the ability to randomly choose one url from
 > a list of URLs. We need to support multiple URLs for that.
 >
 We just need to concatenate all signing certs/signing CA's into the same
 cacert file.

 > As for making noise.. Hrmm.. Let's do baby steps for that. Any
 > incremental improvement on validation is good here, but we don't want to
 > allow arbitrary SSL MITMs to break or otherwise delay the bw scan, and
 > finding them is the exit authority's job.
 >
 If the certificate does not validate (SSL MITM), the scan of that host is
 aborted. I suspect that having some hosts effectively unscanned is
 undesirable.

 > Therefore, I think "log a WARN in bwauthority_child, but fallback to
 > unverified download" is the best option.
 I agree.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4271#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
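
Added example, not part of the ticket and not Torflow's code: a sketch of the behaviour agreed above, verifying against one concatenated CA file and, on a certificate failure, logging a WARN and retrying unverified. The names build_contexts, fetch, cafile and opener are hypothetical; only the logger name comes from the ticket text.

```python
import logging
import ssl
import urllib.error
import urllib.request

log = logging.getLogger("bwauthority_child")  # name taken from the ticket text


def build_contexts(cafile=None):
    """Return (verifying, non-verifying) SSL contexts.

    cafile: path to a single PEM file with every signing cert / CA cert
    concatenated (assumed layout); None falls back to the system store.
    """
    verified = ssl.create_default_context(cafile=cafile)
    unverified = ssl.create_default_context()
    unverified.check_hostname = False  # must be cleared before CERT_NONE
    unverified.verify_mode = ssl.CERT_NONE
    return verified, unverified


def fetch(url, cafile=None, opener=urllib.request.urlopen, timeout=30):
    """Fetch url and return (body, verified).

    Only a certificate validation failure triggers the fallback; any other
    error (DNS, refused connection, HTTP error) propagates to the caller.
    """
    verified_ctx, unverified_ctx = build_contexts(cafile)
    try:
        with opener(url, context=verified_ctx, timeout=timeout) as resp:
            return resp.read(), True
    except (ssl.SSLCertVerificationError, urllib.error.URLError) as exc:
        # urlopen wraps TLS errors in URLError; unwrap to inspect the cause.
        cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
        if not isinstance(cause, ssl.SSLCertVerificationError):
            raise
        log.warning("certificate validation failed for %s (%s); "
                    "falling back to unverified download", url, cause)
    with opener(url, context=unverified_ctx, timeout=timeout) as resp:
        return resp.read(), False
```

The returned flag lets the caller record which downloads were not verified instead of treating both paths as equivalent.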

