Opened 3 years ago

Last modified 2 years ago

#18987 new enhancement

Ship a cached-certs file with Tor, to speed first bootstrap

Reported by: arma
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-client startup reliability
Cc:
Actual Points:
Parent ID:
Points: small
Reviewer:
Sponsor:

Description

Motivated by #18816: it looks like in networkstatus_check_consensus_signature() we return success if there are "enough" signatures on the consensus we get. So we could cut out the cert fetching step in initial bootstrap for all new Tors, by having an "if there is no cached-cert file, use this string instead" step.

And this string would continue being good enough until quite a few of the authorities have rotated to a new cert.

Minor issue #1: Tor 0.2.7.6 has now been out for five months. I bet quite a few of the certs have rotated by now. So we should keep in mind that this feature in stable releases will decay over time (and maybe we want a new stable every 4-6 months or something anyway). A fancier option would be to use an external file, and then Tor Browser could just make an updated version of the file as part of its release process.

Minor issue #2: As the stables are decaying, does this feature open the user up to a partitioning attack? I think the answer might be "yes but a very minor one, so let's not worry about it."
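
The fallback and its decay, as an added example that is not part of the ticket and not Tor's code: a small C model of "no cached-certs file, use the shipped set instead", showing at what point rotated certs force the fetch step again. The type and function names, the 9-authority sample and the reading of "enough" as a strict majority are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not Tor's structures: a cert binds an authority
 * identity to a signing key; a consensus signature names the same pair. */
typedef struct { const char *identity; const char *signing_key; } keypair_t;

/* Count signatures whose (identity, signing key) matches a known cert.
 * Assumes one signature per identity; real code also verifies the
 * signature bytes and the cert's validity period. */
static size_t count_checkable(const keypair_t *sigs, size_t n_sigs,
                              const keypair_t *certs, size_t n_certs)
{
  size_t good = 0;
  for (size_t i = 0; i < n_sigs; i++)
    for (size_t j = 0; j < n_certs; j++)
      if (!strcmp(sigs[i].identity, certs[j].identity) &&
          !strcmp(sigs[i].signing_key, certs[j].signing_key)) {
        good++;
        break;
      }
  return good;
}

/* True if first bootstrap still has to fetch certs. cached == NULL models
 * a missing cached-certs file, so the shipped set is used instead.
 * Assumption: "enough" is a strict majority of all authorities. */
bool needs_cert_fetch(const keypair_t *sigs, size_t n_sigs,
                      const keypair_t *cached, size_t n_cached,
                      const keypair_t *shipped, size_t n_shipped,
                      size_t n_authorities)
{
  const keypair_t *certs = cached ? cached : shipped;
  size_t n_certs = cached ? n_cached : n_shipped;
  return count_checkable(sigs, n_sigs, certs, n_certs) < n_authorities / 2 + 1;
}

/* Constructed data: 9 authorities shipped with key "old"; the first
 * `rotated` of them now sign the consensus with key "new". */
bool shipped_certs_suffice(size_t rotated)
{
  static const char *ids[9] = {"A0","A1","A2","A3","A4","A5","A6","A7","A8"};
  keypair_t shipped[9], sigs[9];
  for (size_t i = 0; i < 9; i++) {
    shipped[i] = (keypair_t){ ids[i], "old" };
    sigs[i] = (keypair_t){ ids[i], i < rotated ? "new" : "old" };
  }
  return !needs_cert_fetch(sigs, 9, NULL, 0, shipped, 9, 9);
}
```

With these assumptions the shipped set still skips the fetch after four rotations and stops doing so at the fifth, which is the decay described in minor issue #1.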

Change History (8)

comment:1 Changed 3 years ago by teor

Keywords: 029-proposed added
Milestone: Tor: unspecified → Tor: 0.2.???
Points: small

I think we could do this by distributing a default-certs file with Tor, like we distribute the geoip databases.

In fact, if we refreshed this file every time we refreshed the geoip databases, that would streamline the process (and be about the right amount of time).

I think this requires a few lines of code to look for a default-certs file in the static tor files, when no cached-certs file exists. Or do we need a torrc option for its file path, like with geoip?

comment:2 Changed 3 years ago by nickm

Keywords: 029-nickm-unsure added

comment:3 Changed 3 years ago by teor

Keywords: 029-teor-no added

This seems like a nice feature for 0.2.10 or later, but it creates some release overhead, and may be unnecessary if we do #18963.

comment:4 Changed 3 years ago by arma

Keywords: 029-proposed 029-nickm-unsure 029-teor-no removed

Pulling out of 029. Maybe if we like #18963 enough we'll want to close this as a wont-do.

comment:5 Changed 3 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:7 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:8 Changed 2 years ago by nickm

Keywords: tor-client startup reliability added

But also see #22758
