
Re: Holy shit I caught 1



Thus spake Roger Dingledine (arma@xxxxxxx):

> On Sun, Aug 27, 2006 at 10:49:46PM -0500, Mike Perry wrote:
> > An interface to suck a signature-verified directory out of Tor via the
> > control-port or some other means would also be nice.
> 
> I noticed from your earlier statement that you're using the v1 directory
> format. This is obsolete, and any v1 directories you may run across
> will likely not contain complete information anymore (this includes the
> output of the scripts at serifos, which haven't been upgraded yet). See
> http://tor.eff.org/svn/trunk/doc/dir-spec.txt for the v2 format
> (introduced in Tor 0.1.1.x), which involves fetching network-statuses
> and server descriptors independently.

Gah. I just assumed that hitting a 0.1.1.x dir server at the tor
directory url (e.g. http://moria.mit.edu:9031/tor/) pulled down the
complete v2 directory version, and the rest of the spec governed
process for updates.. This is not the case? They /have/ to be
fetched separately based on the network status or they may be
incomplete/missing?

> If you want your Tor controller to have up to date descriptors and
> network statuses, you can

Wow so this is exactly what I meant.. Heh. Completely didn't see it in
the control port spec. 

> 1) Read them out of the $datadir yourself, from "cached-routers*" and
> "cached-status/*"
> 
> 2) Listen for "newdesc" events, and ask us why there is no "newstatus"
> event. (Good point, I've just put that on the todo list.)
> 
> 3) Send "getinfo desc/all-recent" and "getinfo network-status". This
> won't give you the full set of network-status strings though.
> 
> 4) Turn on your dirport and send "getinfo dir/status/all" and
> "getinfo dir/server/all".
> 
> Personally, I would go for #4. Note that for any of these, you may want
> to set your FetchUselessDescriptors torrc variable (see man page).

Why is it that getinfo desc/all-recent and getinfo network-status is
different than the dir/status/all, dir/server/all messages? Shouldn't
they converge to the same thing once the client has been running long
enough to download all the routers it sees in network-status?

Is there any reason I would want to try to use a Useless descriptor? I
assumed Useless (starts with ! in network status, right?) meant
unreachable/unresponsive.

> > Ok, I will consider rewriting it for this python interface. Have to
> > learn python first, which has been on my TODO list for some time, so
> > hopefully it will happen. I would guess the directory notification
> > interface won't appear for a while in Tor either, so I probably have
> > time. When 0.1.2 stabilizes?
> 
> Yep. Especially if you help us figure out what interface you want. :)

Hrmm. I definitely have to run this thing for a while first.. Lots of
assurance issues with actually having it inform the dirservers about a
bad node, especially with this Privoxy noise randomly being inserted
on the wire. Suppose using just plain socks will cut that out, but
then I have to worry about remote-resolution issues. I'm sure there
are other gems waiting to be discovered as well that may or may not
change what knowledge and what logic sits where. 

I imagine the biggest problem is the fact that malicious nodes have
the option of being bad infrequently enough that it could be mistaken
for transient failure.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
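
The "getinfo desc/all-recent" option discussed above returns its descriptors as a multi-line data block on the control port. The following is an added example, not code from this thread or from the Tor project: it parses such a reply, assuming the control protocol's text framing ("250-" for a single-line value, "250+" opening a data block that ends at a lone ".", "250 OK" closing the reply). The reply bytes, nicknames and addresses are constructed for illustration, and the function names are hypothetical.

```python
# Added example: parses a constructed reply, not output captured from a live Tor.
def parse_getinfo_reply(raw: bytes) -> dict:
    """Return {key: value} from a GETINFO reply; raise on error or truncation."""
    lines = raw.decode("ascii").split("\r\n")
    result, i = {}, 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if not line:
            continue
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250":
            raise ValueError("control port error: " + line)
        if sep == " ":  # "250 OK" ends the reply
            return result
        key, _, value = rest.partition("=")
        if sep == "+":  # data block: runs until a line holding only "."
            body = []
            while i < len(lines) and lines[i] != ".":
                # Undo dot-stuffing: the sender prefixes "." to lines starting with "."
                body.append(lines[i][1:] if lines[i].startswith(".") else lines[i])
                i += 1
            if i == len(lines):
                raise ValueError("data block for %s is truncated" % key)
            i += 1  # skip the terminating "."
            value = "\n".join(body)
        result[key] = value
    raise ValueError("reply ended without a closing 250 line")

def router_nicknames(descriptors: str) -> list:
    """Nicknames taken from each descriptor's 'router <nickname> ...' line."""
    return [l.split()[1] for l in descriptors.split("\n") if l.startswith("router ")]

# Constructed sample: two heavily abbreviated descriptors plus one single-line key.
SAMPLE = (b"250+desc/all-recent=\r\n"
          b"router exampleA 192.0.2.10 9001 0 9030\r\n"
          b"platform Tor 0.1.1.x\r\n"
          b"..constructed-line-with-leading-dot\r\n"
          b"router exampleB 192.0.2.11 9001 0 0\r\n"
          b".\r\n"
          b"250-version=0.1.1.x\r\n"
          b"250 OK\r\n")

if __name__ == "__main__":
    info = parse_getinfo_reply(SAMPLE)
    print(info["version"], router_nicknames(info["desc/all-recent"]))
```

A controller that treats a truncated block or a non-250 status as a hard error avoids acting on a partial descriptor set.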