Page MenuHomePhabricator

sdwdate Tor Consensus Time Sanity Check
Closed, ResolvedPublic

Description

problem description:

When the host's system clock is too much off, Tor won't be able to connect and since sdwdate runs through Tor, it won't be able to fix the clock. At the moment in such situations there is no good feedback to the user.


proposal

  • A sdwdate sanity test could be created.
  • Before attempting to fetch the time from Tor hidden services, it could check what Tor is telling us about the clock.
  • Check if times from remote servers match Tor are within consensus/valid-after and consensus/valid-until, otherwise reject those.

caution

  • As per chat log with Roger directory authorities can lie about time - so we need to use this with care.
  • Tor consensus isn't always downloaded from directly from directory authorities, sometimes Tor downloads the Tor consensus from directory mirrors. And the latter aren't trusted as much as directory authorities. Those are just like normal relays.
  • We should have the courtesy to not explicitly download from directory authorities, because... armadev: oh. i think that would be horrible. hundreds of thousands of users doing that could overwhelm the directory authorities.

misc:

"consensus/valid-after"
"consensus/fresh-until"
"consensus/valid-until"
 Each of these produces an ISOTime describing part of the lifetime of
 the current (valid, accepted) consensus that Tor has.
 [New in Tor 0.2.6.3-alpha]

Deprecated:


credits:

Extensive research and guess work done by @HulaHoop and @Patrick.


scope:

The scope of this ticket is to create a sdwdate sanity test. It would be a user of anondate.

Details

Impact
Normal

Event Timeline

Patrick created this task.Feb 9 2015, 5:05 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: sdwdate, usability, security.
Patrick added subscribers: Patrick, HulaHoop.
Patrick renamed this task from sdwdate-plugin-anondate to sdwdate Tor Consensus Time Sanity Check (sdwdate-plugin-anondate).Feb 9 2015, 5:13 PM
Patrick updated the task description. (Show Details)Feb 13 2015, 2:06 PM
Patrick renamed this task from sdwdate Tor Consensus Time Sanity Check (sdwdate-plugin-anondate) to sdwdate Tor Consensus Time Sanity Check.Aug 5 2015, 5:46 PM
Patrick updated the task description. (Show Details)
Patrick set Impact to Normal.
Patrick updated the task description. (Show Details)Aug 5 2015, 5:48 PM
Patrick updated the task description. (Show Details)Mar 13 2016, 1:10 AM
Patrick claimed this task.Feb 24 2017, 11:56 PM
Patrick added a project: Whonix 14.
Patrick added subscribers: joysn1980, marmarek.

WIP https://github.com/Whonix/sdwdate/commit/c626798651f263b06190cd7d9f03d3976f99c68a

Done:

  • Checks if system clock is between consensus/valid-after and consensus/valid-until. Otherwise a warning is logged.
  • Disregards any remote times not between consensus/valid-after and consensus/valid-until.

Questions:

Do you think the following information from the Tor control connection is safe to have for Whonix-Workstation?

./tor_consensus_valid-after.py 
2017-02-24 22:00:00

./tor_consensus_valid-until.py 
2017-02-25 01:00:00
Patrick updated the task description. (Show Details)Feb 25 2017, 5:28 AM

TODO: test what happen if Tor cannot fetch Tor consensus