[tor-dev] Proposal: Don't include package fingerprints in consensus documents
Nick Mathewson
nickm at alum.mit.edu
Fri Feb 22 12:29:12 UTC 2019
On Thu, Feb 21, 2019 at 9:29 PM teor <teor at riseup.net> wrote:
>
> Hi,
>
> > On 22 Feb 2019, at 07:59, Iain Learmonth <irl at torproject.org> wrote:
> >
> > Hi All,
> >
> > #28465 [0] needed a proposal. Feedback is welcome and encouraged. I've
> > not written a proposal before, so if someone could let me know if I'm
> > following the process OK (or not) then that is useful too.
> >
> > [0] https://trac.torproject.org/projects/tor/ticket/28465
> >
> > <xxx-dont-vote-on-package-fingerprints.txt>
>
> Proposal:
>
> > 0. Abstract
> >
> > I propose modifying the Tor consensus document to remove
> > digests of the latest versions of one or more package files, to
> > prevent software using Tor from determining its up-to-dateness, and
> > to hinder users wanting to verify that they are getting the correct
> > software.
>
> I had to read this paragraph twice to understand it.
> The way it's written, it sounds like we're doing a bad thing.
> (Until I read the "security" section at the end of the proposal.)
>
> Can you mention the positive aspects in the Abstract?
>
> > 2. Proposal
> >
> > We deprecate the "package" line in the specification for votes.
> >
> > If the consensus method is at least XX then "package" lines should
> > not appear in consensuses.
>
> Let's be a bit more precise:
>
> We allocate a consensus method when this proposal is implemented.
> Let's call it consensus method N.
>
> If the consensus method is between 19 and (N-1), "package" lines
> MAY appear in consensuses. If the consensus method is less than
> 19, or at least N, "package" lines MUST NOT appear in consensuses.

I'd suggest a slightly different phrasing above: There is no "MAY" in
the contents of a consensus, to the extent that the contents of the
consensus are supposed to be deterministic given its inputs.

Instead I'd go with a phrasing like,

"Authorities will continue computing consensus package lines in the
consensus if the consensus method is between 19 and (N-1). If the
consensus method is N or later, they omit these lines."

--
Nick