Re: First go at directory server details

[Roger Dingledine <arma@mit.edu>]

On Sun, Jan 12, 2003 at 04:18:24AM -0800, Lucky Green wrote:
> Obviously, there will need to be more than 4 directory servers to ensure
> reliability and accessibility to the entire network.

How many are you thinking we'd need?

The other side of the coin is:
* it's hard to find more widely trusted good directory server operators
* it's hard to coordinate communication between more servers
* a higher number means we need more for consensus, and getting consensus
  with more is harder; but if the consensus threshold doesn't grow
  as quickly, then it's easier to attack.

> Consequently, any directory server appears to need to either be able to
> provide the querying user agent with a directory that the directory
> servers agree is "the correct" directory, or the directory server must
> not be able to provide information a user agent would accept as valid
> directory input.

This appears to contradict what Len wants. He wants users to be able to
get directory information even when consensus can't be reached. So they
have something to work with, even if it's not as certain.

(Am I reading this right?)

> I suspect the search to the solution to this challenge may stand to
> benefit from examining the existing research in the field of secure
> multi-party computation, which attempts to address this very problem.

Agreed. I haven't looked at DMPC lately. I glanced through some papers a
while ago, and they hadn't come up with any more answers than we already
have. Any pointers on where to look?

I spoke to Rebecca Wright about it at the last FC, and the roadblock
was that I wasn't able to specify what I wanted clearly enough for her
to do anything with it.

--Roger