Opened 5 weeks ago

Closed 4 weeks ago

#27286 closed enhancement (implemented)

Update recommended and required protocol versions for "LinkAuth"

Reported by: nickm
Owned by: nickm
Priority: High
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: 032-backport 033-backport 034-backport
Cc:
Actual Points:
Parent ID: #26631
Points:
Reviewer: teor
Sponsor: Sponsor8

Description

LinkAuth method 1 is the one where we pull the TLS master secrets out of the OpenSSL data structures and authenticate them with RSA. LinkAuth method 3 is the one where we use the RFC5705 key export mechanism and Ed25519 signatures; it is not supported in 0.2.9.

Right now we list method 1 as required for clients and relays. That's a problem, since we can't reasonably support it with NSS.

We should at least say that method 1 is not required for clients, and method 3 is recommended for everybody.

Should any method be required for relays? I don't think so currently, since we don't want to kick anybody off the network.

Change History (8)

comment:1 Changed 5 weeks ago by nickm

Keywords: 032-backport 033-backport 034-backport added
Status: assigned → needs_review
Type: defect → enhancement

I have a patch for 0.3.2 as ticket27286_032, with PR at https://github.com/torproject/tor/pull/291

comment:2 Changed 5 weeks ago by teor

Status: needs_review → merge_ready

This looks fine to me.

Just confirming: once authorities deploy this fix, all 0.2.9 and earlier tors will start warning their users to upgrade?

comment:3 Changed 5 weeks ago by teor

Reviewer: teor

comment:4 Changed 5 weeks ago by nickm

That is correct, yes.

comment:5 Changed 5 weeks ago by nickm

Priority: Medium → High

comment:6 Changed 5 weeks ago by arma

To make sure I understand: (a) does that mean that nss-based Tor clients won't be able to establish a link connection to 0.2.9 relays or bridges? Since quite a few of the big relays are still on 0.2.9 -- including guards -- that limitation could be a big deal. Specifically, of the 1919 guards, it looks like 345 of them are on 0.2.9. I guess we figure nss-based clients won't be that relevant for another couple of years, by which point 0.2.9 will be dying away?

And (b) it seems weird to say that we support a version if, when you run it, it tells you to upgrade. I guess the choice is between "be able to implement newer client variants and not be disobeying our spec" vs "have existing versions that we claim to support tell people that they need to upgrade"?

If it really is a choice between these two, is there any rush to push through the "start warning" part?

comment:7 in reply to: 6 Changed 4 weeks ago by nickm

Replying to arma:

> To make sure I understand: (a) does that mean that nss-based Tor clients won't be able to establish a link connection to 0.2.9 relays or bridges? Since quite a few of the big relays are still on 0.2.9 -- including guards -- that limitation could be a big deal. Specifically, of the 1919 guards, it looks like 345 of them are on 0.2.9. I guess we figure nss-based clients won't be that relevant for another couple of years, by which point 0.2.9 will be dying away?

It is correct that with NSS, we can't connect to 0.2.9-based bridges or guards.

> And (b) it seems weird to say that we support a version if, when you run it, it tells you to upgrade. I guess the choice is between "be able to implement newer client variants and not be disobeying our spec" vs "have existing versions that we claim to support tell people that they need to upgrade"?

We support 0.2.9, but we wish people running it would/could upgrade. I don't see a contradiction there: we'll keep it working and keep fixing important bugs in it, but it is subject to inherent limitations (RSA1024) that mean it sure would be nice for people to upgrade.

That said...

> If it really is a choice between these two, is there any rush to push through the "start warning" part?

I guess we could refrain from adding 3 to the recommended list, so that neither of the two protocols is described as recommended or required. We could wait at least until 0.3.5 (which will be the next LTS) is out.

comment:8 Changed 4 weeks ago by nickm

Resolution: implemented
Status: merge_ready → closed

I have removed LinkAuth=3 from the recommended list, and merged it.
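
An added example (not code from tor or from this ticket) modelling the trade-off discussed in comments 2 through 8: how a build's supported LinkAuth versions compare against the required and recommended client lists in each state the ticket considers. The `Name=1,3-5` syntax follows Tor's protocol-version list format; the build strings (including an OpenSSL build that supports both methods), the scenario lists and the `reject`/`warn`/`ok` labels are assumptions constructed for illustration.

```python
# Added example; build strings and scenario lists are constructed, not taken
# from a real consensus or from tor's source.

def parse_protover(s):
    """'Link=1-5 LinkAuth=1,3' -> {'Link': {1..5}, 'LinkAuth': {1, 3}}."""
    out = {}
    for entry in s.split():
        name, sep, vals = entry.partition("=")
        if not name or not sep:
            raise ValueError(f"malformed entry: {entry!r}")
        versions = out.setdefault(name, set())
        for part in filter(None, vals.split(",")):
            lo, dash, hi = part.partition("-")
            first, last = int(lo), int(hi) if dash else int(lo)
            if last < first:
                raise ValueError(f"bad range: {part!r}")
            versions.update(range(first, last + 1))
    return out

def missing(supported, wanted):
    """Versions named in `wanted` that `supported` lacks, per protocol."""
    have = parse_protover(supported)
    gaps = {}
    for name, vers in parse_protover(wanted).items():
        lack = vers - have.get(name, set())
        if lack:
            gaps[name] = sorted(lack)
    return gaps

def evaluate(supported, required, recommended):
    """'reject' if a required version is missing, 'warn' if only a
    recommended one is, else 'ok' (labels are this example's own)."""
    if missing(supported, required):
        return "reject"
    return "warn" if missing(supported, recommended) else "ok"

BUILDS = {"0.2.9": "LinkAuth=1", "nss-client": "LinkAuth=3",
          "openssl-0.3.x": "LinkAuth=1,3"}
# (required, recommended) client lists for the three states in the ticket.
SCENARIOS = {"method 1 required": ("LinkAuth=1", ""),
             "3 recommended": ("", "LinkAuth=3"),
             "as merged": ("", "")}

def outcome_table():
    return {sc: {b: evaluate(sup, req, rec) for b, sup in BUILDS.items()}
            for sc, (req, rec) in SCENARIOS.items()}

if __name__ == "__main__":
    for scenario, row in outcome_table().items():
        print(f"{scenario:18} {row}")
```
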
