Changes between Initial Version and Version 1 of Ticket #15642, comment 9


Ignore:
Timestamp:
Apr 22, 2015, 12:09:39 PM (4 years ago)
Author:
teor
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #15642, comment 9

    initial v1  
    22in which I say:
    33
    4 {{{
    5 I am also concerned that this general area of the code lacks unit tests, which it might be wise to include before we effectively activate it for the first time.
    6 ...
    7 there's currently no coverage for the function that adds fallback directories. (In fact, I mock it in my unit tests, because I need it to do *something* so I know if it has been called or not.)
    8 ...
    9 The function which loads fallback directories currently loads from a string array inside the function, so it would need to be modified to load from a signed file. I support the security benefits of signed fallback directories enough to write client code and unit tests for it, but I'm not sure how the code for the authorities would work - is the proposal to sign a section of the consensus, and output it as a separate file?
    10 
    11 If so, we would either need to backport, and/or wait until a majority of the authorities update to tor versions with the feature. And perhaps a majority of clients as well, controlled by a consensus parameter? (Otherwise, using any entry in the file itself would allow clients to effectively be partitioned from the rest of the network by their behaviour.)
    12 
    13 While I'm making a list, do we need to modify the existing proposal which describes fallback directories?
    14 
    15 Is this change proposed for 0.2.7?
    16 Or all currently supported releases?
    17 }}}
     4  I am also concerned that this general area of the code lacks unit tests, which it might be wise to include before we effectively activate it for the first time.
     5  ...
     6  there's currently no coverage for the function that adds fallback directories. (In fact, I mock it in my unit tests, because I need it to do *something* so I know if it has been called or not.)
     7  ...
     8  The function which loads fallback directories currently loads from a string array inside the function, so it would need to be modified to load from a signed file. I support the security benefits of signed fallback directories enough to write client code and unit tests for it, but I'm not sure how the code for the authorities would work - is the proposal to sign a section of the consensus, and output it as a separate file?
     9 
     10  If so, we would either need to backport, and/or wait until a majority of the authorities update to tor versions with the feature. And perhaps a majority of clients as well, controlled by a consensus parameter? (Otherwise, using any entry in the file itself would allow clients to effectively be partitioned from the rest of the network by their behaviour.)
     11 
     12  While I'm making a list, do we need to modify the existing proposal which describes fallback directories?
     13 
     14  Is this change proposed for 0.2.7?
     15  Or all currently supported releases?
    1816
    1917Also: