[tor-bugs] #11454 [Tor]: If two auth certs are both old but were generated nearby in time, we keep both
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 9 06:03:49 UTC 2014
#11454: If two auth certs are both old but were generated nearby in time, we keep
both
------------------------+--------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------------
Comment (by arma):
I think maybe this line wanted to be
{{{
- (cert_published + OLD_CERT_LIFETIME < newest_published)) {
+ (newest_published + OLD_CERT_LIFETIME < now)) {
}}}
so we wait 7 days before deleting any unexpired certs, in case we see them
again (and earlier in the function we ensure that we never delete the
newest cert for a given authority).
Does that sound plausible?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11454#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list