[tor-bugs] #28184 [Core Tor/Tor]: Reload is additive with regards to new v3 HS client authorizations but it won't subtract deleted ones

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 7 20:01:58 UTC 2018


#28184: Reload is additive with regards to new v3 HS client authorizations but it
won't subtract deleted ones
--------------------------+------------------------------------
 Reporter:  jchevali      |          Owner:  haxxpop
     Type:  defect        |         Status:  needs_information
 Priority:  Medium        |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.5.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  asn           |        Sponsor:
--------------------------+------------------------------------
Changes (by dgoulet):

 * status:  needs_review => needs_information


Comment:

 Ooook we had a discussion on IRC but without much of a conclusion I would
 say. I'll express my thoughts:

 This patch is indeed quite large for what it does, not that there is a
 quicker way to do it but rather lets step back and think what we want.

 1. Closing the intro/RP circuits (client side):

  That requires quite a bit of complexity including adding a way to lookup
 circuits by service identity key from the `hs_circuitmap`. I wouldn't be
 too sad if we don't do that. Those circuits would simply close by
 themselves at some point or heck even be used for the same .onion.

 2. Clearing our descriptor cache (client side):

  This is a bit more interesting because if the client authorization for
 A.onion changed then the old descriptor is not usable anymore meaning we
 won't be able to decrypt it.

  There lies another issue. I don't think we have that feature which is if
 a client looks up a descriptor in its cache and can not decrypt it, we
 should purge it and refetch it. A client does NOT store a descriptor that
 it can't decode so at least that is that. But this situation can happen if
 we change the client auth for A.onion and SIGHUP.

 All in all, we could reduce the complexity of this patch by simply adding
 a way to "purge a undecodable descriptor in our cache" which will lead to
 fetching the new descriptor and using the new client authorization.

 We would ignore the closing the circuits because if there is an RP circuit
 for A.onion, great we use it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28184#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list