Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#22284 closed task (implemented)

Make a proper wiki page for trove severity guidelines

Reported by: arma Owned by: nickm
Priority: Medium Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords:
Cc: Actual Points: .1
Parent ID: Points:
Reviewer: Sponsor:

Description

There are these two pages:
https://trac.torproject.org/projects/tor/wiki/TROVE
https://trac.torproject.org/projects/tor/wiki/org/meetings/2016SummerDevMeeting/Notes/SecurityIssuePolicy

But that second one isn't really a great long term resource for people wondering what the trove is, or what should count as a thing that should be in the trove. It would be nice to have a page that looks like it's actually an in-place policy.

Child Tickets

Change History (7)

comment:1 Changed 2 years ago by arma

When we do the transition, we might want to work on the phrasing of "any means to impersonate a relay", since we had a case where a seized relay was in the fallbackdir list, but in that case if a bad guy got the identity key and pretended to be the relay (and assuming we blacklisted the fingerprint from the network), all the bad guy could do would be to serve directory answers to clients, and that's not really so bad.

comment:2 Changed 2 years ago by nickm

Milestone: Tor: unspecifiedTor: 0.3.1.x-final

comment:3 Changed 2 years ago by nickm

Owner: set to nickm
Status: newaccepted

comment:5 Changed 2 years ago by nickm

Actual Points: .1
Status: acceptedneeds_review

Okay, I think I'm pretty happy with where this is now. Comments?

comment:6 Changed 2 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

5 days and no comments; I bet there will be more comments when we next have a security issue. Still, closing as done for now.

comment:7 Changed 2 years ago by arma

Looking good! Thanks.

Note: See TracTickets for help on using tickets.