Hi Nick,
Thanks for posting this initial draft. I enjoyed reading more of the details, after hearing about it last week.
On February 5, 2019 5:02:50 PM UTC, Nick Mathewson <nickm@torproject.org> wrote:
Filename: 300-walking-onions.txt
Title: Walking Onions: Scaling and Saving Bandwidth
Author: Nick Mathewson
Created: 5-Feb-2019
Status: Draft
- Status
This proposal describes a mechanism called "Walking Onions" for scaling the Tor network and reducing the amount of client bandwidth used to maintain a client's view of the Tor network.
...
- As part of verifying the handshake, the client verifies that the SNIP was signed by enough authorities, that its timestamp is recent enough, and that it actually corresponds to the random index that the client selected.
Let's make sure that we check the signature *first*, before parsing the rest of the document. (Maybe that's something we can specify when we write the detailed section 4.)
Tor's current directory parsing implementation parses the document, then checks the signature. This order makes some parsing bugs easier to trigger, because they don't require a valid set of authority signatures.
We could encourage implementers to check the signature first by putting it first in the document, or adding a signature offset field to the header. Or we could document this issue in a security considerations section, and hope all the implementers read it.
T
-- teor ----------------------------------------------------------------------
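The signature-before-parsing ordering discussed above, as an added example that is not part of this thread or of Tor's code: a constructed SNIP-like document whose header carries a signature offset, so the signature can be checked over the raw bytes before the body is handed to a parser. It assumes an HMAC under a constructed key as a stand-in for authority signatures and a made-up key=value body format; both are illustration choices, not the proposal's format.

```python
import hashlib
import hmac
import struct

# Assumption: an HMAC keyed with a constructed secret stands in for the
# authority signatures a real SNIP would carry.
AUTHORITY_KEY = b"constructed-authority-key"
SIG_LEN = 32
HEADER = struct.Struct("!H")  # assumed header: 2-byte offset of the signature


def build_snip(body: bytes) -> bytes:
    """Construct a document laid out as [sig_offset][body][signature]."""
    header = HEADER.pack(HEADER.size + len(body))
    signed_bytes = header + body
    sig = hmac.new(AUTHORITY_KEY, signed_bytes, hashlib.sha256).digest()
    return signed_bytes + sig


def parse_body(body: bytes) -> dict:
    """Strict key=value parser; malformed lines raise ValueError."""
    fields = {}
    for line in body.decode("ascii").split("\n"):
        key, value = line.split("=", 1)  # raises on a line with no '='
        fields[key] = value
    return fields


def verify_then_parse(doc: bytes):
    """Check the signature over the raw bytes first; parse only signed input."""
    if len(doc) < HEADER.size + SIG_LEN:
        return None
    (sig_offset,) = HEADER.unpack_from(doc, 0)
    if sig_offset < HEADER.size or sig_offset + SIG_LEN != len(doc):
        return None
    expected = hmac.new(AUTHORITY_KEY, doc[:sig_offset], hashlib.sha256).digest()
    if not hmac.compare_digest(doc[sig_offset:], expected):
        return None  # the parser never sees unsigned bytes
    return parse_body(doc[HEADER.size:sig_offset])


def parse_then_verify(doc: bytes):
    """The order Tor's directory code uses today: parse, then check the signature.
    Unsigned malformed input reaches the parser, so a parser bug needs no valid signature."""
    (sig_offset,) = HEADER.unpack_from(doc, 0)
    fields = parse_body(doc[HEADER.size:sig_offset])  # may raise before any check
    expected = hmac.new(AUTHORITY_KEY, doc[:sig_offset], hashlib.sha256).digest()
    return fields if hmac.compare_digest(doc[sig_offset:], expected) else None
```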