> On 21 Aug 2015, at 04:36, s7r <[email protected]> wrote:
>
> If we merge introduction points with HSDirs, we have no option but to
> use the same introduction points, regardless how many INTRODUCE2 cells
> we get through them, until the new shared-RNG consensus value (24
> hours normally, in case nothing bad happens which makes us failback to
> disaster protocol for shared-RNG where we use the previous known one).
> So if we adopt this, the IPs will have a fixed lifetime of 24 hours,
> no less or no more (unless disaster).
On protocol failure, the latest edition of the shared-random proposal has the
authorities generate a different, predictable value every 24 hours, based on
the most recent successful shared-random value.
This is a mitigation which requires an adversary to occupy new points on the
hash ring each day, even in a disaster scenario where those points are
predictable slightly further in advance.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
