
[or-cvs] r11115: commit proposal 120: Suicide descriptors when Tor servers st (tor/trunk/doc/spec/proposals)



Author: arma
Date: 2007-08-15 09:37:33 -0400 (Wed, 15 Aug 2007)
New Revision: 11115

Added:
   tor/trunk/doc/spec/proposals/120-suicide-descriptors.txt
Modified:
   tor/trunk/doc/spec/proposals/000-index.txt
Log:
commit proposal 120: Suicide descriptors when Tor servers stop


Modified: tor/trunk/doc/spec/proposals/000-index.txt
===================================================================
--- tor/trunk/doc/spec/proposals/000-index.txt	2007-08-15 09:27:12 UTC (rev 11114)
+++ tor/trunk/doc/spec/proposals/000-index.txt	2007-08-15 13:37:33 UTC (rev 11115)
@@ -27,7 +27,7 @@
 106  Checking fewer things during TLS handshakes [CLOSED]
 107  Uptime Sanity Checking [CLOSED]
 108  Base "Stable" Flag on Mean Time Between Failures [OPEN]
-109  No more than one server per IP address [ACCEPTED]
+109  No more than one server per IP address [CLOSED]
 110  Avoiding infinite length circuits [OPEN]
 111  Prioritizing local traffic over relayed traffic [OPEN]
 112  Bring Back Pathlen Coin Weight [OPEN]
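Review bot: The status change of proposal 109 from [ACCEPTED] to [CLOSED] on the `-109`/`+109` lines is not mentioned anywhere in the log message, which only speaks of proposal 120. Either note the 109 status change in the log (e.g. "also mark 109 as CLOSED") or split it into its own commit so the history explains why the flag moved.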
@@ -37,4 +37,5 @@
 116  Two hop paths from entry guards [OPEN]
 117  IPv6 exits [OPEN]
 118  Advertising multiple ORPorts at once [RESEARCH]
-
+119  New PROTOCOLINFO command for controllers [OPEN]
+120  Suicide descriptors when Tor servers stop [OPEN]
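Review bot: The `+119  New PROTOCOLINFO command for controllers [OPEN]` index entry is added here, but the commit adds only 120-suicide-descriptors.txt and the log mentions only proposal 120; the index now references a 119 file that this change does not introduce. Please state in the log that the 119 entry is being registered too, or add it together with its proposal file, so the index and the tree stay consistent at this revision.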

Added: tor/trunk/doc/spec/proposals/120-suicide-descriptors.txt
===================================================================
--- tor/trunk/doc/spec/proposals/120-suicide-descriptors.txt	                        (rev 0)
+++ tor/trunk/doc/spec/proposals/120-suicide-descriptors.txt	2007-08-15 13:37:33 UTC (rev 11115)
@@ -0,0 +1,76 @@
+Filename: 120-suicide-descriptors.txt
+Title: Suicide descriptors when Tor servers stop
+Version: $Revision$
+Last-Modified: $Date$
+Author: Roger Dingledine
+Created: 15-Aug-2007
+Status: Open
+
+Overview:
+
+  Tor servers should publish a last descriptor whenever they shut down,
+  to let others know that they are no longer offering service.
+
+The Problem:
+
+  The main reason for this is in reaction to Internet services that want
+  to treat connections from the Tor network differently. Right now,
+  if a user experiments with turning on the "relay" functionality, he
+  is punished by being locked out of some websites, some IRC networks,
+  etc --- and this lockout persists for several days even after he turns
+  the server off.
+
+Design:
+
+  During the "slow shutdown" period if exiting, or shortly after the
+  user sets his ORPort back to 0 if not exiting, Tor should publish a
+  final descriptor with the following characteristics:
+
+  1) Exit policy is listed as "reject *:*"
+  2) It includes a new entry called "opt shutdown 1"
+
+  The first step is so current blacklists will no longer list this node
+  as exiting to whatever the service is.
+
+  The second step is so directory authorities can avoid wasting time
+  doing reachability testing. Authorities should automatically not list
+  as Running any router whose latest descriptor says it shut down.
+
+  [I originally had in mind a third step --- Advertised bandwidth capacity
+  is listed as "0" --- so current Tor clients will skip over this node
+  when building most circuits. But since clients won't fetch descriptors
+  from nodes not listed as Running, this step seems pointless. -RD]
+
+Spec:
+
+  TBD but should be pretty straightforward.
+
+Security issues:
+
+  Now external people can learn exactly when a node stopped offering
+  relay service. How bad is this? I can see a few minor attacks based
+  on this knowledge, but on the other hand as it is we don't really take
+  any steps to keep this information secret.
+
+Overhead issues:
+
+  We are creating more descriptors that want to be remembered. However,
+  since the router won't be marked as Running, ordinary clients won't
+  fetch the suicide descriptors. Caches will, though. I hope this is ok.
+
+Implementation:
+
+  To make things easy, we should publish the suicide descriptor only
+  on controlled shutdown (SIGINT as opposed to SIGTERM). That would
+  leave enough time for publishing that we probably wouldn't need any
+  extra synchronization code.
+
+  If that turns out to be too unintuitive for users, I could imagine doing
+  it on SIGTERMs too, and just delaying exit until we had successfully
+  published to at least one authority, at which point we'd hope that it
+  propagated from there.
+
+Acknowledgements:
+
+  tup suggested this idea.
+
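Review bot: The "Implementation:" section's SIGTERM variant ("just delaying exit until we had successfully published to at least one authority") has no upper bound, so a relay shutting down while every authority is unreachable would never exit; a bounded wait (publish attempts up to some timeout, then exit regardless) would keep the shutdown path safe. Relatedly, the "Spec:" section is still "TBD" while "Design:" already fixes the descriptor line as `opt shutdown 1` and the exit policy as `reject *:*`; the spec should also say that a later normal descriptor from the same router supersedes the suicide one, otherwise the "Authorities should automatically not list as Running" rule in Design step 2 has no stated way to clear.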


Property changes on: tor/trunk/doc/spec/proposals/120-suicide-descriptors.txt
___________________________________________________________________
Name: svn:keywords
   + Revision Date Id
Name: svn:eol-style
   + native