Opened 4 years ago

Last modified 21 months ago

#16458 new task

torspec references UTC, but tor uses unix time (leap second handling)

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-spec documentation easy gmt utc time
Cc: catalyst Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


When the various torspec documents specify time, they refer to UTC. But the implementations used by at least Linux, *BSD and OS X are based on the Unix time epoch.

This makes a difference to how leap seconds are handled: UTC includes leap seconds, but unix time excludes them.

We should:

  • ensure that none of the security properties of tor depend on leap seconds either being present or absent, either individually or in aggregate:
    • every minute is not 60 seconds long (and equivalently for hour, day, week)
    • some epoch times can repeat or be missing
    • UTC and Unix time differ by approximately 30 seconds
  • check how the current Linux, BSD, Windows and OS X implementations handle leap seconds (in roughly that order of priority)
  • consider and document tor's handling of leap seconds


Child Tickets

Change History (4)

comment:1 Changed 3 years ago by teor

Milestone: Tor: very long term

comment:2 Changed 22 months ago by nickm

Milestone: Tor: very long termTor: unspecified

Batch modify: these tickets seem to be things that wouldn't actually be a big redesign or a big amount of work, so they belong "Unspecified", not "Very Long Term"

comment:3 Changed 21 months ago by nickm

Keywords: easy gmt utc time added
Severity: Normal

comment:4 Changed 21 months ago by catalyst

Cc: catalyst added

If "Unix time" means POSIX seconds-since-the-epoch, it won't differ by ~30 seconds from UTC. If you're using the "right" time zones from the TZ database (which purport to count SI seconds since the POSIX epoch), you'll get such a difference but you're no longer using POSIX time. I'm hoping that people don't run the "right" time zones in production, but some of the BSDs used to default to it.

Note: See TracTickets for help on using tickets.