Opened 7 years ago

Last modified 2 years ago

#7216 needs_revision defect

networkstatus_check_consensus_signature() shouldn't warn because of missing certs

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-client easy needs-insight logging
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Description

If you're first bootstrapping and enough of your certificate downloads fail at least twice, you might see something like:

A consensus needs 5 good signatures from recognized authorities for us to accept it. This one has 0 (). It has 1 signatures from authorities we don't recognize. We were unable to check 7 of the signatures, because we were missing the keys.

That's not too helpful, especially to a new user.

From IRC, with irrelevant stuff omitted:

19:45 < armadev> if it warns about a consensus that it might not warn about 
                 once it has certs, and once it gets certs it checks again, it 
                 seems that the warn is a bug
19:47 <@nickm> armadev: Hm. You're saying that if we can't verify the 
               consensus, and missing certs might enable us to do so, the 
               warnings should instead be "Hey I've tried to download 
               certificates and it didn't work yet, trying more?"
19:47 <@nickm> or no warning
19:48 < armadev> i was saying no warning
19:49 < armadev> assuming we later warn if we fail to fetch the certs we 
                 wanted, and we warn if we later don't like the consensus we 
                 can now check
19:50 <@nickm> sounds okay. May I copy+paste some of the stuff you've said to 
               make a new ticket, or do you want to open one?
19:50 < armadev> go for it
19:51 < armadev> this is especially relevant because the case where you don't 
                 have the certs yet means you're probably a new user starting 
                 tor for the first time, nervously looking at the message log

Child Tickets

Attachments (1)

0001-Fix-7216-remove-a-potentially-confusing-warning-due-.patch (1.7 KB) - added by marek 6 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 6 years ago by marek

Status: newneeds_review

I understand that this bug is only about the "A consensus needs 5 good signatures from recognized authorities for us to accept it." warning. If so - see the patch.

comment:2 Changed 6 years ago by nickm

Status: needs_reviewneeds_revision

Hm. So the issue is that we don't want to _always_ suppress this message. We only want to suppress it in the case where we might succeed in verifying the networkstatus if we succeed in downloading one or more of the missing certificates that we're downloading right now.

But we already try to do that with the "(n_good + n_missing_key - n_dl_failed_key < n_required)" check above. Perhaps the problem is how our call to authority_cert_dl_looks_uncertain() only looks at the authority identity, and not at the desired signing key that we're trying to get a certificate for?

comment:3 Changed 3 years ago by nickm

Keywords: needs-insight added
Points: small
Severity: Normal

comment:4 Changed 2 years ago by nickm

Keywords: logging added
Points: small1
Note: See TracTickets for help on using tickets.