Opened 16 years ago

Last modified 8 years ago

#42 closed defect (Fixed)

Overzealous clock skew checking keeps clients from working

Reported by: nickm Owned by: tor-bugs
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


The check for time skew in connection_or.c which produces the log message: "Router '%s' (%s:%d) has a skewed clock..." seems to get called even when Tor is running as a client. This is not as intended; only servers should be forced to make sure their clocks are relatively correct.

Arma questions whether we should care about clock skew at all. The attacks that we're protecting against are server impersonation attacks where the attacker manage to compromise an older private key for a server, but not a newer one. This doesn't seem very realistic now, since compromising a server's private key will almost surely reveal its identity key; but a slightly cleverer key management system might in the future make this attack meaningfully difficult.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (2)

comment:1 Changed 16 years ago by arma

flyspray2trac: bug closed.
Disabled all clock skew checking.

comment:2 Changed 8 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.