Skip to content

Reject authority certificates published in the future

3.1. of dir-spec.txt describes dir-key-published and dir-key-expires for when authority certificates are generated, but there doesn't seem to be anything in the spec about validating them.

This came up because arti currently rejects certificates with dir-key-published in the future. This is probably desirable, but it's a deviation from tor's current behavior (at least in testing networks), and afaict the spec doesn't say anything about it.

@nickm proposed in discussion that we should specify that keys published too far in the future ought to be rejected. i.e. there should be some grace window to allow for clock skew.

Do we have a more general policy about how much clock skew we try to tolerate?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information