[tor-bugs] #23764 [Core Tor/Tor]: hs-v3: No live consensus on client with a bridge

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 12 01:26:49 UTC 2018


#23764: hs-v3: No live consensus on client with a bridge
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, prop224,                     |  Actual Points:
  034-triage-20180328, 034-removed-20180328      |
Parent ID:  #23605                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:13 dgoulet]:
 > I'm gonna go on a limb here and say that this is a bit "out of scope" in
 some ways or just too complicated for s8 at this stage.

 I agree, I don't think we can get this done in a few weeks, but we should
 do it eventually. Because Tor clients can now bootstrap and use exits with
 a reasonably live consensus (or skewed clock), but they can't use v3 onion
 services.

 > I've gone over the thread above (which is kind of old, things have
 changed a bit since then) and what I can say is that the changes would
 need to happen in many places and thus require us to expand considerably
 our reachability unit testing.
 >
 > First in `can_client_refetch_desc()` to let the client try to download a
 descriptor without a live consensus.
 >
 > The second big part would be in `hs_get_responsible_hsdirs()` which also
 requires a live consensus but also used by the service ... so some split
 to be done.

 No, services should also work with a reasonably live consensus. Otherwise,
 people running services on small devices with skewed clocks will be sad.

 > Then finaly, make `hs_get_time_period_num()` maybe fallback on the
 "latest consensus" instead of `approx_time()` if the live consensus can't
 be found. The idea here is that for the whole subsystem the same time
 source has to be used. So having code path that use the "latest consensus
 valid_after" time with approx_time is a recipe for reachability issue.
 >
 > We had so many issues with timing over the years and ended up realizing
 that whatever we use, the entire subsystem needs to use the same time
 source. In theory, right now, the "live consensus valid_after" should be
 used across the board. Part of my thinks we would benefit from a "HS time
 source" that is updated every time we get a new consensus and then the HS
 subsystem only uses.

 Sounds like we need a module that handles onion service time.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23764#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list