Opened 3 years ago

Last modified 3 years ago

#22498 new defect

Offline directory authorities need a way to post their certificate to other authorities

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: very long term
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-auth, tor-auth-offline, needs-proposal
Cc: Actual Points:
Parent ID: Points: 5
Reviewer: Sponsor:


We have wanted to be able to run (the signing parts of) a directory authority offline for a while, because it's more secure.

So I have been experimenting with an offline (ORPort and DirPort unreachable) directory authority on the test net.

Almost everything works: it posts votes, downloads votes from other authorities, signs consensuses, and posts its signature. It could easily do these things using a 3-hop Tor path.

But once its authority certificate expires, it has no way to post it to the other authorities.

A workaround is to overwrite another authority's cached-certs file with the missing authority certificate file. But this is nasty.

We should make authorities accept certificate posts, and post their certificates to one another.

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by teor

Keywords: needs-proposal added
Note: See TracTickets for help on using tickets.