[Whonix-devel] #16845 [Tor]: make unverified consensus ISOTime accessible through Tor's ControlPort

• Previous message: [Whonix-devel] Whonix Anonymous Operating System Version 11 Released!
• Next message: [Whonix-devel] #16845 [Tor]: make unverified consensus ISOTime accessible through Tor's ControlPort
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#16845: make unverified consensus ISOTime accessible through Tor's ControlPort
-------------------------+---------------------
 Reporter:  proper       |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Currently only verified, accepted Tor consensus ISOTime is available.

 Quote [https://gitweb.torproject.org/torspec.git/tree/control-spec.txt Tor
 control protocol]:

 {{{
      "consensus/valid-after"
      "consensus/fresh-until"
      "consensus/valid-until"
       Each of these produces an ISOTime describing part of the lifetime of
       the current (valid, accepted) consensus that Tor has.
       [New in Tor 0.2.6.3-alpha]
 }}}

 Unverified consensus ISOTime is unavailable.

 This information is interesting in context for anonymity distributions and
 secure network time synchronization, usability and whatnot. Used by Tails'
 [https://git-tails.immerda.ch/tails/tree/config/chroot_local-
 includes/etc/NetworkManager/dispatcher.d/20-time.sh tordate] or Whonix's
 [https://www.whonix.org/wiki/Dev/TimeSync#anondate anondate].

 However, these tools rely on parsing Tor's log, which is
 [https://labs.riseup.net/code/issues/8977 fragile].

 It would be nice, if something like

 * {{{consensus-unverified/valid-after}}}
 * {{{consensus-unverified/fresh-until}}},
 * and {{{consensus-unverified/valid-until}}}

 where accessible through Tor's ControlPort.

 {{{
       Each of these produces an ISOTime describing part of the lifetime of
       the unverified (invalid, rejected) consensus that Tor has.
       [New in Tor 0.2.7.x-...]
 }}}


 This feature requests completes the related one {{{make certificate
 lifetime accessible through Tor's ControlPort}}} (#16822).

 Use cases:

 * clock slightly off: verified consensus (already implemented: #10395)
 * clock more off: unverified consensus (this ticket)
 * clock a lot off: certificate lifetime (#16822)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16845>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

• Previous message: [Whonix-devel] Whonix Anonymous Operating System Version 11 Released!
• Next message: [Whonix-devel] #16845 [Tor]: make unverified consensus ISOTime accessible through Tor's ControlPort
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]