Opened 19 months ago

Last modified 17 months ago

#24940 new enhancement

Make authorities post authority_certificate to other authorities

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth, tor-dirauth-offline, needs-proposal-maybe, 034-triage-20180328, 034-removed-20180328
Cc: Actual Points:
Parent ID: Points: 2
Reviewer: Sponsor:

Description

At the moment, offline authorities work, until their certificates expire.
They post their votes to other authorities, and fetch votes from other authorities, and no-one needs to connect to them.

But when their certificates expire, no-one can get their new certificate, because it's only available via a download from that authority.

(There's a hack that involves placing the new certificate in another authorities cached certificates file. Which is not ok on the public network.)

Let's make a way for offline authorities to post their certificates to other authorities, and make all authorities do it when they have a new certificate.

Child Tickets

Change History (4)

comment:1 Changed 19 months ago by nickm

But, certificates are included verbatim in votes, and as such are already uploaded to all the other authorities. So this should work...

(It's the part of the vote beginning with dir-key-certificate-version and ending with dir-key-certification.)

comment:2 Changed 17 months ago by nickm

Keywords: 034-triage-20180328 added

comment:3 Changed 17 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:4 Changed 17 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

Note: See TracTickets for help on using tickets.