Opened 4 years ago

Closed 4 years ago

#17716 closed enhancement (duplicate)

Do clients need to do authority clock checks?

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #4483 Points:
Reviewer: Sponsor:

Description

The current code in #4483 tracks if a client has done a clock check with an authority.

But it doesn't do anything with that information at the moment:

  • making clients wait to contact an authority during bootstrap negates the point of fallback directories (#15775)
  • making clients continue to contact authorities after bootstrapping risks an inadvertent DoS on the authorities.

How important are client clock checks?
Do we need to launch a connection every N hours / days simply to check our clock with an authority?
Is it worth the extra load on the authorities?
Do we trust the clocks on fallback directories?

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by teor

Status: newneeds_review

I've modified the code in #4483 so that, when there are multiple connections downloading, it prefers to complete the download on a connection to an authority.

Ideally, we should use the authority's TLS handshake to check our clock, and then we wouldn't need to download the consensus from authorities at all. (See #17728.)

I'd like to get a review of this code before closing this ticket, but that needs to wait on the rest of #4483.

comment:2 Changed 4 years ago by teor

Status: needs_reviewneeds_revision

I spoke with nickm on IRC:

We can warn if the time is wrong whenever we download the consensus, as long as we say who is giving us the time, and that they could be wrong or lying.

We might also want to mention whether they're a normal directory, fallback, or authority.
(We should probably also limit warnings to once per day.)

This allows us to:

  • prefer fallback directories when multiple connections are downloading
  • initiate connections to a fallback directory first (and then try an authority after a delay)

comment:3 Changed 4 years ago by teor

Status: needs_revisionneeds_review

This has been done as part of #4483.

comment:4 Changed 4 years ago by teor

This is implemented in my branch feature4483-v10 in commit "Prop210: Adjust clock skew message for fallback directories".

Full details in #4483.

comment:5 Changed 4 years ago by teor

Resolution: duplicate
Status: needs_reviewclosed

We'll do this in the refactoring in #17739.

Note: See TracTickets for help on using tickets.