[tor-bugs] #24851 [Core Tor/Fallback Scripts]: create a script that generates the authority format from the authorities in the current consensus

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 22:12:55 UTC 2018 

#24851: create a script that generates the authority format from the authorities in
the current consensus
---------------------------------------+-----------------------------------
 Reporter:  teor                       |          Owner:  (none)
     Type:  enhancement                |         Status:  new
 Priority:  Medium                     |      Milestone:  Tor:
                                       |  0.3.4.x-final
Component:  Core Tor/Fallback Scripts  |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  tor-dirauth                |  Actual Points:
Parent ID:  #24818                     |         Points:  0.5
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by teor):

 Replying to [comment:4 atagar]:
 > Hi Tim. Is this to generate tor's hardcoded list of authorities? If so
 then seems a little odd to check for the 'Authority' flag since this means
 that your script will omit authorities when they're down.
 >
 > For what it's worth Stem has a get_authorities() which references its
 own copy of the authority list...
 >
 >
 https://stem.torproject.org/api/descriptor/remote.html#stem.descriptor.remote.get_authorities
 >
 https://gitweb.torproject.org/stem.git/tree/stem/descriptor/remote.py#n823
 >
 > However, probably unhelpful due to the clear chicken-and-egg since part
 of the goal is to sync this listing with the document you generate.
 >
 > Maybe the best bet would be for your script to include a hardcoded
 listing of the authority fingerprints, then...
 >
 > * Fetch their descriptors to generate the rest of the doc (address,
 or/dirport, nickname, etc).
 > * If any of the hardcoded relays isn't present in the consensus then
 error.
 >
 > This way adding/removing authorities is as simple as changing the list
 of fingerprints and rerunning your script.

 I want to use the consensus to make sure that we only include valid IPv6
 addresses for authorities.
 When we start hard-coding ed25519 key fingerprints, we can use it to warn
 about incorrectly pinned ed25519 keys.
 (Key pinning is much less of a concern, but IPv6 addresses can be quite
 dynamic.)

 I don't think it matters whether the other fields are retrieved from the
 consensus or the descriptor.
 So your strategy sounds good.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24851#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list