Opened 3 years ago

Closed 8 months ago

#19460 closed enhancement (fixed)

Improve consensus handling of clients with skewed clocks

Reported by: asn Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-client timekeeping clock-skew consensus
Cc: intrigeri Actual Points:
Parent ID: #28591 Points: 2
Reviewer: Sponsor: Sponsor8-can

Description

It is my understanding that we aim to support clients with skewed clocks.

I open this ticket for a few suggestions on improving consensus handling by clock skewed clients. It might be worth opening more tickets for better support of clock skewed clients in other parts of the protocol as well. The ideas of this ticket came up while working on prop224.

a) We might want to start accepting consensuses whose valid_after date is slightly in the future (maybe an hour or two max). We are already flexible towards old consensuses (we accept consenuses up to 24 hours old), so maybe we should be flexible in the other direction as well. This should help with slightly backwards-skewed clients.

Security wise, handling future consensuses is in some way safer than handling old consensuses (since these are replayable).

b) We might want to improve our logging when receiving ultra old consensuses. Right now we fail bootstrap silently if we receive a consensus with a valid_until older than 24 hours. This affects clients with clocks skewed forward, and they never learn what the problem is.

Child Tickets

Change History (11)

comment:1 Changed 3 years ago by nickm

Keywords: 029-proposed removed

comment:2 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:3 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:4 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:5 Changed 2 years ago by nickm

Keywords: tor-client timekeeping clock-skew consensus added
Type: defectenhancement

comment:6 Changed 17 months ago by cypherpunks

A side note:
TBB (Tor 0.3.2.10) on a 1:40:00 lag machine says "Tor requires an accurate clock to work" for 4 hours, but then

Tor NOTICE: No circuits are opened. Relaxed timeout for circuit 4215 (a General-purpose client 1-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway. 
Tor NOTICE: We now have enough directory information to build circuits.
Tor NOTICE: Tor has successfully opened a circuit. Looks like client functionality is working. 

Secure sites are working, but is it secure to use TBB in that state?

comment:7 Changed 12 months ago by intrigeri

Cc: intrigeri added

comment:8 Changed 9 months ago by teor

Parent ID: #23605
Sponsor: Sponsor8-can

comment:9 Changed 9 months ago by teor

If we handle the past case in #24661, and the future case in #28591, this ticket can close.

comment:10 Changed 9 months ago by teor

Parent ID: #23605#28591

comment:11 Changed 8 months ago by teor

Resolution: fixed
Status: newclosed

The parent has been merged to master.

Note: See TracTickets for help on using tickets.