author | Nick Mathewson <nickm@torproject.org> | 2007-03-10 07:39:17 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-03-10 07:39:17 +0000 |
commit | 887b87614d60cbbc6beb5b4e86d28663cd38392e | |
tree | d26eda0304e1f3044ade8a6f0768b59c7978f7c9 | |
parent | 97b61b9889b3b201a32345bcf69c31f9ae472b74 | |
r12520@Kushana: nickm | 2007-03-10 00:57:59 -0500
add initial uptime-sanity-checking proposal by Kevin Buaer and Damon McCoy.
svn:r9791
-rw-r--r-- | doc/spec/proposals/000-index.txt | 2 |
-rw-r--r-- | doc/spec/proposals/107-uptime-sanity-checking.txt | 48 |
2 files changed, 49 insertions, 1 deletions
diff --git a/doc/spec/proposals/000-index.txt b/doc/spec/proposals/000-index.txt index cdf92540b0..0ad5ad0eb6 100644 --- a/doc/spec/proposals/000-index.txt +++ b/doc/spec/proposals/000-index.txt @@ -25,4 +25,4 @@ Proposals by number: 104 Long and Short Router Descriptors [OPEN] 105 Version negotiation for the Tor protocol [OPEN] 106 Checking fewer things during TLS handshakes [CLOSED] - +107 Uptime Sanity Checking [OPEN] diff --git a/doc/spec/proposals/107-uptime-sanity-checking.txt b/doc/spec/proposals/107-uptime-sanity-checking.txt new file mode 100644 index 0000000000..57ec841903 --- /dev/null +++ b/doc/spec/proposals/107-uptime-sanity-checking.txt 
@@ -0,0 +1,48 @@ +Filename: 107-uptime-sanity-checking.txt +Title: Uptime Sanity Checking +Version: +Last-Modified: +Author: Kevin Buaer and Damon McCoy +Created: 8-March-2007 +Status: Open + +Overview: + + This document describes how to cap the uptime that is used when computing + which routers are maked as stable such that highly stable routers cannot + be displaced by malicious routers that report extremely high uptime + values. + + This is similar to how bandwidth is capped at 1.5MB/s. + +Motivation: + + It has been pointed out that an attacker can displace all stable nodes and + entry guard nodes by reporting high uptimes. This is an easy fix that will + prevent highly stable nodes from being displaced. + +Security implications: + + It should decrease the effectiveness of routing attacks that report high + uptimes while not impacting the normal routing algorithms. + +Specification: + + We propose that uptime be capped at two months. Currently there are + approximetly 50 nodes with this amount of uptime, and the average uptime + is around 9 days. This cap would prevent these 50 nodes from being + displaced by an attacker. + +Compatibility: + + There should be no compatiblity issues due to uptime capping. + +Implementation: + + #define MAX_BELIEVABLE_UPTIME 60*24*60*60 + dirserv.c + 1448: *up = (uint32_t) real_uptime(ri, now); + if(*up > MAX_BELIEVABLE_UPTIME) { + *up = MAX_BELIEVABLE_UPTIME; + } + |
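Review bot: The `#define MAX_BELIEVABLE_UPTIME 60*24*60*60` line in the Implementation section of 107-uptime-sanity-checking.txt expands without parentheses, so any later use next to a higher-precedence operator (a division or modulo, for example) will evaluate incorrectly; write it as `(60*24*60*60)`. The same snippet locates the change only as `dirserv.c` line 1448, which goes stale as soon as that file is edited, so name the enclosing function instead. Smaller points in this file: the Version and Last-Modified headers are empty; the Specification says "two months" while the constant is exactly 60 days, so stating the cap in days would remove the ambiguity; and "maked" (marked), "approximetly" and "compatiblity" are misspelled.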