Opened 4 years ago
Last modified 2 years ago
#18987 new enhancement
Ship a cached-certs file with Tor, to speed first bootstrap
Reported by: | arma | Owned by: | |
---|---|---|---|
Priority: | Medium | Milestone: | Tor: unspecified |
Component: | Core Tor/Tor | Version: | |
Severity: | Normal | Keywords: | tor-client startup reliability |
Cc: | Actual Points: | ||
Parent ID: | Points: | small | |
Reviewer: | Sponsor: |
Description
Motivated by #18816: it looks like in networkstatus_check_consensus_signature() we return success if there are "enough" signature on the consensus we get. So we could cut out the cert fetching step in initial bootstrap for all new Tors, by having an "if there is no cached-cert file, use this string instead" step.
And this string would continue being good enough until quite a few of the authorities have rotated to a new cert.
Minor issue #1: Tor 0.2.7.6 has now been out for five months. I bet quite a few of the certs have rotated by now. So we should keep in mind that this feature in stable releases will decay over time (and maybe we want a new stable every 4-6 months or something anyway). A fancier option would be to use an external file, and then Tor Browser could just make an updated version of the file as part of its release process.
Minor issue #2: As the stables are decaying, does this feature open the user up to a partitioning attack? I think the answer might be "yes but a very minor one, so let's not worry about it."
Child Tickets
Change History (8)
comment:1 Changed 4 years ago by
Keywords: | 029-proposed added |
---|---|
Milestone: | Tor: unspecified → Tor: 0.2.??? |
Points: | → small |
comment:2 Changed 4 years ago by
Keywords: | 029-nickm-unsure added |
---|
comment:3 Changed 4 years ago by
Keywords: | 029-teor-no added |
---|
This seems like a nice feature for 0.2.10 or later, but it creates some release overhead, and may be unnecessary if we do #18963.
comment:4 Changed 4 years ago by
Keywords: | 029-proposed 029-nickm-unsure 029-teor-no removed |
---|
Pulling out of 029. Maybe if we like #18963 enough we'll want to close this as a wont-do.
comment:6 Changed 3 years ago by
Keywords: | tor-03-unspecified-201612 added |
---|---|
Milestone: | Tor: 0.3.??? → Tor: unspecified |
Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.
comment:7 Changed 3 years ago by
Keywords: | tor-03-unspecified-201612 removed |
---|
Remove an old triaging keyword.
I think we could do this by distributing a default-certs file with Tor, like we distribute the geoip databases.
In fact, if we refreshed this file every time we refreshed the geoip databases, that would streamline the process (and be about the right amount of time).
I think this requires a few lines of code to look for a default-certs file in the static tor files, when no cached-certs file exists. Or do we need a torrc option for its file path, like with geoip?