[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #16297 [Tor]: Reduce Sybil harm while still getting use out of them
#16297: Reduce Sybil harm while still getting use out of them
-------------------------+---------------------
Reporter: phw | Owner: phw
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Keywords: sybil | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
With the exception of bad exit relays, we have a binary approach to
dealing with bad relays; we either let them be, or remove them from the
network. That's not always appropriate because Sybils can be useful,
provided we strip them of power. In particular, we probably want to
prevent them from becoming:
* Anything hidden service-related (HSDirs, introduction points, rendezvous
points)
* Exit relays
* Guard relays
* Maybe even directory mirrors?
One possibility would be an option such as `AuthDirRestrain`, that
specifies which relay should be stripped of powers. Another possibility
would be a set of more fine-grained options but that sounds less useful
because it assumes that we know what a bad relays is up to. Often,
however, we are only aware of a subset of the actual attack.
If we indeed want something like `AuthDirRestrain`, we should also think
about the voting process. The `AuthDirBadExit` process works well so far
because we have three voters, whereof two are typically quick to act. It
doesn't work that well for `AuthDirReject` where we need the majority of
all nine authority operators.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16297>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs