Re: Simplifying directory authority administration
- To: or-dev@xxxxxxxxxxxxx
- Subject: Re: Simplifying directory authority administration
- From: Peter Palfrader <peter@xxxxxxxxxxxxx>
- Date: Fri, 27 Apr 2007 19:00:51 +0200
- In-reply-to: <20070421174858.BB3581408DB3@moria.seul.org>
- Mail-followup-to: or-dev@xxxxxxxxxxxxx
- References: <20070421174858.BB3581408DB3@moria.seul.org>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
- User-agent: Mutt/1.5.9i
On Sat, 21 Apr 2007, nickm@xxxxxxxx wrote:
> --- tor/trunk/doc/spec/proposals/113-fast-authority-interface.txt 2007-04-21 17:48:45 UTC (rev 9999)
> +++ tor/trunk/doc/spec/proposals/113-fast-authority-interface.txt 2007-04-21 17:48:50 UTC (rev 10000)
> @@ -0,0 +1,80 @@
> +Filename: 113-fast-authority-interface.txt
> +Title: Simplifying directory authority administration
> +Last-Modified: $Date: 2007-04-16T19:11:29.511998Z $
> +Possible solution #2: Self-binding names.
> +
> + Peter Palfrader has proposed that names be assigned automatically to nodes
> + that have been up and running and valid for a while.
> +
> +Possible solution #3: Self-maintaining approved-routers file
> +
> + Mixminion alpha has a neat feature where whenever a new server is seen,
> + a stub line gets added to a configuration file. For Tor, it could look
> + something like this:
> +
> + ## First seen with this key on 2007-04-21 13:13:14
> + ## Stayed up for at least 12 hours on IP 192.168.10.10
> + #RouterName AAAABBBBCCCCDDDDEFEF
> +
> + (Note that the implementation needs to parse commented lines to make sure
> + that it doesn't add duplicates, but that's not so hard.)
> +
> + To add a router as named, administrators would only need to uncomment the
> + entry. This automatically maintained file could be kept separately from a
> + manually maintained one.
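
Review bot: Under "Possible solution #3", the stub entry uses the ordinary '#' comment character for lines that, per the parenthetical note, the implementation has to parse to avoid duplicates, so nothing distinguishes machine-maintained lines from comments an administrator wrote by hand. The proposal should define the exact grammar of the stub entry and say how a hand-written comment that happens to look like "#RouterName AAAABBBBCCCCDDDDEFEF" is treated. It should also state what an administrator is expected to check before uncommenting an entry, since the text makes uncommenting the only step needed to add a router as named.
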
This is only useful if authority admins are expected to actually check
something before uncommenting lines. If we are supposed to check stuff
then it's still a lot of work (tho better), if we can just blindly
uncomment it using sed or similar then what's the point of this step
anyway?

Having a separate file for auto-approved routers is probably a good
idea tho.

Maybe a means for the operator to say "never bind a server (named
$foo|with fpr $bar|from the netblock ip/pl)" would come in handy.

Also, if you are really going to parse comments maybe it'd make sense
to introduce a second comment character, like ';', to distinguish
between parsed and not-parsed comments.

Peter
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
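
The two suggestions in the reply above (a second comment character for machine-parsed lines, and operator "never bind" rules), sketched as an added example that is not part of the original message or of Tor's code. The ';' stub format, the `deny` rule structure and all function names are assumptions, and the sample values in the comments are constructed.

```python
import ipaddress
import re

# Assumed line formats for this sketch (not taken from Tor):
#   ";RouterName FINGERPRINT"  machine-written stub, parsed for duplicates
#   "RouterName FINGERPRINT"   entry an administrator has approved
#   "#..."                     free-form human comment, never parsed
# 20 to 40 hex digits so the 20-digit sample from the proposal is accepted.
ENTRY = re.compile(r"^(;?)\s*(\S+)\s+([0-9A-Fa-f]{20,40})\s*$")

def known_fingerprints(lines):
    """Fingerprints already present as stubs or approved entries."""
    seen = set()
    for line in lines:
        if line.startswith("#"):
            continue  # human comment: ignored even if it looks like an entry
        m = ENTRY.match(line)
        if m:
            seen.add(m.group(3).upper())
    return seen

def denied(name, fpr, ip, deny):
    """deny: hypothetical operator rules with keys names, fprs, netblocks.

    Names are expected in lower case and fingerprints in upper case.
    """
    addr = ipaddress.ip_address(ip)
    return (name.lower() in deny["names"]
            or fpr.upper() in deny["fprs"]
            or any(addr in ipaddress.ip_network(n) for n in deny["netblocks"]))

def add_stub(lines, name, fpr, ip, first_seen, deny):
    """Return lines with a stub appended, unless duplicate or denied."""
    if fpr.upper() in known_fingerprints(lines) or denied(name, fpr, ip, deny):
        return list(lines)
    return list(lines) + [
        f";; First seen with this key on {first_seen}",
        f";; Seen on IP {ip}",
        f";{name} {fpr.upper()}",
    ]
```

With this split, an administrator approves a router by deleting the leading ';' from its stub line, and notes written with '#' can mention fingerprints without affecting duplicate detection.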