Changes between Initial Version and Version 1 of org/meetings/2016WinterDevMeeting/Notes/ConsensusTransparency


Ignore:
Timestamp:
Mar 18, 2016, 11:52:47 PM (3 years ago)
Author:
isabela
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2016WinterDevMeeting/Notes/ConsensusTransparency

    v1 v1  
     1[https://trac.torproject.org/projects/tor/wiki/org/meetings/2016WinterDevMeeting/Notes BACK TO 2016 WINTER DEV MEETING NOTES PAGE]
     2
     3'''__Tor Transparency __'''[[BR]][[BR]]Goal is the detect a malicious signed consensus.[[BR]]Vote alone is not enough, we should put it in logs (read-only)[[BR]][[BR]]Certificate Transparency Explanation by Linus[[BR]]Document is the consensus that would be put in log servers.[[BR]]No need to trust the log operators because they can be monitored of course.[[BR]]DA could monitor the log for anything they did not issued => something is wrong.[[BR]]Non-DA could also monitor the logs ( look for larger consensus than usual etc).[[BR]][[BR]]Prototype is already in place and monitoring.[[BR]]A Consensus could be in one of three states (maybe_included? included?[[BR]]not-included?)[[BR]]Client sends to guards, then send it random relays for verifications.[[BR]][[BR]]User/relay experience:[[BR]]* user would fetch the consensus + inclusion proof from the log servers[[BR]]* user would need to know the log servers also (included in the client?)[[BR]][[BR]]Pros: Everyone can run a log.[[BR]]Issues: Which log to verify from client perspective? How to be sure consensus[[BR]]would be logged ? What to do when we have different signatures for the same[[BR]]content ? (log ? not log? merge? Spamming issue (could send O(n!^2) combination)[[BR]]but this problem is rare). Injection of toxic data (?)[[BR]][[BR]]Do we want Signed Certificate Timestamp ? => proof of inclusion for the future.[[BR]]Pb: Is it too much data again to handle for a log ? (Differents kind of logs)[[BR]][[BR]]Alternative:[[BR]]* DA issue STH instead (replaces the log)[[BR]]* Pb: Overhead for DAs ?[[BR]]* Cons: Put that in CTor !! [[BR]][[BR]]Two considerations:[[BR]]* how many hours ? (+many more questions will arise when implementation is done)[[BR]]* will we break something?[[BR]][[BR]]Data of log could be extracted to be put online on website also.