
Re: Simplifying directory authority administration



On Sat, 21 Apr 2007, nickm@xxxxxxxx wrote:

> --- tor/trunk/doc/spec/proposals/113-fast-authority-interface.txt	2007-04-21 17:48:45 UTC (rev 9999)
> +++ tor/trunk/doc/spec/proposals/113-fast-authority-interface.txt	2007-04-21 17:48:50 UTC (rev 10000)
> @@ -0,0 +1,80 @@
> +Filename: 113-fast-authority-interface.txt
> +Title: Simplifying directory authority administration
> +Last-Modified: $Date: 2007-04-16T19:11:29.511998Z $

> +Possible solution #2: Self-binding names.
> +
> +  Peter Palfrader has proposed that names be assigned automatically to nodes
> +  that have been up and running and valid for a while.
> +
> +Possible solution #3: Self-maintaining approved-routers file
> +
> +  Mixminion alpha has a neat feature where whenever a new server is seen,
> +  a stub line gets added to a configuration file.  For Tor, it could look
> +  something like this:
> +
> +    ## First seen with this key on 2007-04-21 13:13:14
> +    ## Stayed up for at least 12 hours on IP 192.168.10.10
> +    #RouterName AAAABBBBCCCCDDDDEFEF
> +
> +  (Note that the implementation needs to parse commented lines to make sure
> +  that it doesn't add duplicates, but that's not so hard.)
> +
> +  To add a router as named, administrators would only need to uncomment the
> +  entry.  This automatically maintained file could be kept separately from a
> +  manually maintained one.
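
Review bot: In "Possible solution #3", the duplicate check that parses commented lines is not keyed to anything: the text does not say whether a stub is a duplicate by nickname, by key, or by both. Since uncommenting `#RouterName AAAABBBBCCCCDDDDEFEF` is what binds the name, the proposal should state that stubs are deduplicated by key and say what gets written when a second key shows up under a nickname that already has a stub or an uncommented entry. It should also say how the machine-written `#` and `##` lines are told apart from comments an administrator types by hand, so that a hand-written note is never taken for an existing stub.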

This is only useful if authority admins are expected to actually check
something before uncommenting lines.  If we are supposed to check stuff
then it's still a lot of work (tho better); if we can just blindly
uncomment it using sed or similar, then what's the point of this step
anyway?

Having a separate file for auto-approved routers is probably a good
idea tho.

Maybe a means for the operator to say "never bind a server (named
$foo|with fpr $bar|from the netblock ip/pl)" would come in handy.


Also, if you are really going to parse comments, maybe it'd make sense
to introduce a second comment character, like ';', to distinguish
between parsed and not-parsed comments.

Peter
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
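
The two suggestions in the reply above (a separate character for machine-parsed stub lines, and operator "never bind" rules) can be sketched as follows. This is an added example, not code from Tor, Mixminion or the proposal; the `;` stub syntax, the deny-rule dictionary, the accepted nickname and fingerprint lengths and all function names are assumptions.

```python
import ipaddress
import re

# Hypothetical line formats (assumptions, not Tor's file format):
#   ";RouterName FINGERPRINT"  machine-written stub, parsed for duplicates
#   "RouterName FINGERPRINT"   entry an administrator has approved
#   "# ..."                    free-form comment, never parsed
ENTRY = re.compile(r"^(;?)\s*([A-Za-z0-9]{1,19})\s+([0-9A-Fa-f]{20,40})\s*$")

def known_fingerprints(lines):
    """Fingerprints already present, as stub or approved entry."""
    seen = set()
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            seen.add(m.group(3).upper())
    return seen

def is_denied(name, fpr, ip, deny):
    """deny: dict with optional 'names', 'fprs' and 'netblocks' (CIDR strings)."""
    if name.lower() in {n.lower() for n in deny.get("names", ())}:
        return True
    if fpr.upper() in {f.upper() for f in deny.get("fprs", ())}:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(nb) for nb in deny.get("netblocks", ()))

def add_stub(lines, name, fpr, ip, first_seen, deny):
    """Return lines plus a stub for a newly seen router, or lines unchanged."""
    if fpr.upper() in known_fingerprints(lines) or is_denied(name, fpr, ip, deny):
        return list(lines)
    return list(lines) + [
        f"# First seen with this key on {first_seen}",
        f"# Stayed up for at least 12 hours on IP {ip}",
        f";{name} {fpr.upper()}",
    ]

# Constructed sample input.
SAMPLE = [
    "# hand-written note: AAAABBBBCCCCDDDDEFEF is a friend's relay",
    ";RouterName AAAABBBBCCCCDDDDEFEF",
    "Approved 1111222233334444ABAB",
]
DENY = {"names": ["badname"], "netblocks": ["192.168.10.0/24"]}
```

Because only `;` lines and uncommented entries are parsed, the hand-written `#` note that happens to mention a fingerprint is neither counted as a stub nor able to suppress one.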