[tor-dev] Patch to improve time-period interval changes in 224-rend-spec-ng.txt
Adrien Johnson
adrienj at adrienj.com
Sat Mar 7 18:23:34 UTC 2015
Hello all,
I have a patch for proposal 224-rend-spec-ng.txt that clarifies the
definition of time periods and improves the behaviour when the time
period duration needs to be changed.
-Adrien Johnson
-------------- next part --------------
From b4dee3bdd7143929d2f3ef0ee1a1c9a4e13d5bad Mon Sep 17 00:00:00 2001
From: Adrien Johnson <adrienj at adrienj.com>
Date: Sat, 7 Mar 2015 13:16:48 -0500
Subject: [PATCH] Added offset to time period calc. in prop224
---
proposals/224-rend-spec-ng.txt | 63 ++++++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 15 deletions(-)
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index ffef617..391b2f1 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -615,25 +615,58 @@ Status: Draft
2.2.1. Dividing time into periods [TIME-PERIODS]
- To prevent a single set of hidden service directory from becoming a
+ To prevent a single set of hidden service directories from becoming a
target by adversaries looking to permanently censor a hidden service,
hidden service descriptors are uploaded to different locations that
change over time.
- The length of a "time period" is controlled by the consensus
- parameter 'hsdir-interval', and is a number of minutes between 30 and
- 14400 (10 days). The default time period length is 1500 (one day plus
- one hour).
-
- Time periods start with the Unix epoch (Jan 1, 1970), and are
- computed by taking the number of whole minutes since the epoch and
- dividing by the time period. So if the current time is 2013-11-12
- 13:44:32 UTC, making the seconds since the epoch 1384281872, the
- number of minutes since the epoch is 23071364. If the current time
- period length is 1500 (the default), then the current time period
- number is 15380. It began 15380*1500*60 seconds after the epoch at
- 2013-11-11 20:00:00 UTC, and will end at (15380+1)*1500*60 seconds
- after the epoch at 2013-11-12 21:00:00 UTC.
+ Time is divided into infinitely many discrete "time periods" of
+ identical duration. Each time period is sequentially numbered according
+ to how many whole periods have elapsed since the Unix epoch
+ (1970-1-1 00:00:00 UTC) at the start of that period, plus an offset.
+ The time between the Unix epoch and the start of any time period is
+ evenly divisible by the time period duration.
+
+ current_period = floor((current_time - unix_epoch) / duration) + offset
+
+ Time period duration is controlled by the consensus parameter
+ 'hsdir-interval', which is a number of minutes between 30 and
+ 14400 (10 days). The default time period duration is 1500 (one day plus
+ one hour). The time period numbering offset is controlled by the
+ consensus parameter 'hsdir-offset' which is a signed 32 bit integer.
+ The default numbering offset is 0.
+
+ For example if the current time is 2013-11-14 13:44:32 UTC, and the
+ current time period duration is 1500 minutes (the default), then the
+ number of whole periods that have elapsed since the Unix epoch is
+ 15382. If the current numbering offset is 5, then the current period
+ is 15387. Period 15387 began (15387-5)*1500*60 seconds after the epoch
+ at 2013-11-13 20:00:00 UTC, and will end (15387+1-5)*1500*60 seconds
+ after the epoch at 2013-11-14 21:00:00 UTC.
+
+ When a new time period duration is needed, a new numbering offset is
+ also chosen such that on the expected date consensus is reached on the
+ new values, the then-current time period number will remain the same.
+ This prevents changes to the time period duration from invalidating the
+ current keys and descriptors for all hidden services.
+
+ [NOTE: Depending on how accurately the consensus date can be predicted,
+ this may still be a problem, and it will get worse the further away we
+ are from the epoch. This could be improved by choosing a different epoch
+ closer to the present, or even one in the future.
+
+ An even more robust fix would be to have the epoch date set by a
+ third consensus parameter. This could be changed without altering the
+ progression of period numbers by also giving a new offset. In advance
+ of an expected need for a new duration, a new epoch date could be set
+ in the immediate future and a new offset given. Once consensus is
+ reached on this new epoch date, a new duration and offset are given,
+ timed so that consensus will be reached as close as possible to the
+ epoch date. This would almost guarantee monotonically increasing time
+ period numbers, even across very large duration changes. This assumes
+ consensus parameter value updates are atomic, i.e. if new consensus
+ parameter values are given in a single Tor update, consensus will be
+ reached on all the new values at the same time.]
2.2.2. Overlapping time periods to avoid thundering herds [TIME-OVERLAP]
--
1.9.5.msysgit.0
More information about the tor-dev
mailing list