Opened 3 years ago

Last modified 5 months ago

#17728 new enhancement

Use NETINFO handshake rather than date header to check time with authorities — at Version 3

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client easy time bootstrap
Cc: dmr
Actual Points:
Parent ID: #9675
Points:
Reviewer:
Sponsor:

Description (last modified by nickm)

tor currently checks its clock against the directory authorities by reading the HTTP date header in the directory documents.

In #15775, we allow clients to bootstrap using fallback directories, rather than authorities.

In #4483, we make multiple connections, and use the first connection that starts downloading. If there are multiple connections downloading, we favour authority connections, so that tor can still get a clock check.

But if tor used the date from the TLS handshake, it could abort authority connections sooner. This would place less load on the authorities.

This would be similar to the tlsdate implementation:
https://github.com/ioerror/tlsdate

Edited: Look at the netinfo cell, not the TLS handshake. -- nickm

Change History (3)

comment:1 Changed 3 years ago by nickm

That date is sent in the clear, and recent TLS implementations will randomize it. But the NETINFO cell should have a view of the current time.
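Added example, not part of the ticket and not Tor's own code: a sketch of the clock check proposed here, reading the timestamp from a NETINFO cell payload received over an already authenticated link and bounding the estimate by how long the handshake took. The payload layout is taken from tor-spec as an assumption; the function name, thresholds and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload layout assumed from tor-spec (not stated in this ticket):
 * TIME[4, big-endian] | ATYPE[1] ALEN[1] AVAL[ALEN] | NMYADDR[1] | ... */
enum { SKEW_UNUSABLE = -1, SKEW_OK = 0, SKEW_SUSPECT = 1 };

/* Hypothetical limits chosen for this example. */
#define MAX_HANDSHAKE_SECS 180   /* slower than this: estimate too loose */
#define SKEW_LIMIT_SECS    3600  /* larger than this: flag the local clock */

/* Constructed sample: TIME=1450000000, peer sees us as 192.0.2.1, no MYADDRs. */
static const uint8_t SAMPLE_NETINFO[] = {
    0x56, 0x6D, 0x3E, 0x80,  0x04, 0x04, 0xC0, 0x00, 0x02, 0x01,  0x00 };

/* Estimate (local clock - peer clock) in seconds from a NETINFO payload.
 * sent_at: local time when our side of the handshake started;
 * now: local time when the NETINFO cell arrived. */
int netinfo_clock_skew(const uint8_t *p, size_t len,
                       int64_t sent_at, int64_t now, int64_t *skew_out)
{
    if (len < 7) return SKEW_UNUSABLE;                /* TIME+ATYPE+ALEN+NMYADDR */
    uint32_t ts = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                  ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    size_t alen = p[5];
    if (len < 4 + 2 + alen + 1) return SKEW_UNUSABLE; /* truncated address */
    if (ts == 0) return SKEW_UNUSABLE;                /* peer sent no time */
    if (now < sent_at || now - sent_at > MAX_HANDSHAKE_SECS)
        return SKEW_UNUSABLE;                         /* bound too wide */
    /* The peer stamped the cell somewhere in [sent_at, now]; use the midpoint. */
    int64_t mid = sent_at + (now - sent_at) / 2;
    *skew_out = mid - (int64_t)ts;
    int64_t mag = *skew_out < 0 ? -*skew_out : *skew_out;
    return mag > SKEW_LIMIT_SECS ? SKEW_SUSPECT : SKEW_OK;
}

int main(void)
{
    int64_t skew = 0;
    /* Local clock two hours ahead of the peer, handshake took 4 seconds. */
    int rc = netinfo_clock_skew(SAMPLE_NETINFO, sizeof SAMPLE_NETINFO,
                                1450007198, 1450007202, &skew);
    printf("rc=%d skew=%lld s\n", rc, (long long)skew);
    return 0;
}
```

A zero timestamp and a slow handshake are both treated as "no usable reading" rather than as skew, so a caller would fall back to another time source in those cases.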

comment:2 Changed 3 years ago by teor

Parent ID: #9675

comment:3 Changed 3 years ago by nickm

Description: modified (diff)
Summary: changed from "Use TLS handshake rather than date header to check time with authorities" to "Use NETINFO handshake rather than date header to check time with authorities"