[tor-dev] Proposal: Don't include package fingerprints in consensus documents

Nick Mathewson nickm at alum.mit.edu
Fri Feb 22 12:29:12 UTC 2019


On Thu, Feb 21, 2019 at 9:29 PM teor <teor at riseup.net> wrote:
>
> Hi,
>
> > On 22 Feb 2019, at 07:59, Iain Learmonth <irl at torproject.org> wrote:
> >
> > Hi All,
> >
> > #28465 [0] needed a proposal. Feedback is welcome and encouraged. I've
> > not written a proposal before, so if someone could let me know if I'm
> > following the process OK (or not) then that is useful too.
> >
> > [0] https://trac.torproject.org/projects/tor/ticket/28465
> >
> > <xxx-dont-vote-on-package-fingerprints.txt>
>
> Proposal:
>
> > 0. Abstract
> >
> >    I propose modifying the Tor consensus document to remove
> >    digests of the latest versions of one or more package files, to
> >    prevent software using Tor from determining its up-to-dateness, and
> >    to hinder users wanting to verify that they are getting the correct
> >    software.
>
> I had to read this paragraph twice to understand it.
> The way it's written, it sounds like we're doing a bad thing.
> (Until I read the "security" section at the end of the proposal.)
>
> Can you mention the positive aspects in the Abstract?
>
> > 2. Proposal
> >
> >    We deprecate the "package" line in the specification for votes.
> >
> >    If the consensus method is at least XX then "package" lines should
> >    not appear in consensuses.
>
> Let's be a bit more precise:
>
>    We allocate a consensus method when this proposal is implemented.
>    Let's call it consensus method N.
>
>    If the consensus method is between 19 and (N-1), "package" lines
>    MAY appear in consensuses. If the consensus method is less than
>    19, or at least N, "package" lines MUST NOT appear in consensuses.


I'd suggest a slightly different phrasing above: There is no "MAY" in
the contents of a consensus, to the extent that the contents of the
consensus are supposed to be deterministic given its inputs.

Instead I'd go with a phrasing like,
  "Authorities will continue computing consensus package lines in the
consensus if the consensus method is between 19 and (N-1).  If the
consensus method is N or later, they omit these lines."

-- 
Nick

