[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7798 [Core Tor/Tor]: Use directory guards even when consensus isn't live
#7798: Use directory guards even when consensus isn't live
--------------------------+-----------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_information
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-client | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+-----------------------------------
Changes (by teor):
* status: new => needs_information
Comment:
Replying to [comment:1 arma]:
> Agreed!
>
> I wonder how this should relate to the fallbackdir design now that there
is one.
>
> Can we add the directory guards from our state file to the fallbackdir
list, with higher priority than the other ones on the list?
There is no priority in the fallback directory design, there is only
weight.
But I think this is a nice way of resolving the privacy issues mentioned
in #18084.
What we could do is add to the state file one or more `FallbackDir` lines
describing our directory guards. The format is `address:port orport=port
id=fingerprint [ipv6=ipv6address:ipv6orport] [weight=num]`. The fallbacks
will have to have a DirPort, even though clients never use it (see
#19129). (We're only doing this for clients, right?)
The current total fallback weight is 1009 (10*100 + 1*9), but it could go
as high as ~3000 if we ever include 300 fallbacks, as in the original "20%
of guards" design.
We might have 3 directory guards, or in future, we might only have 1.
So let's weight each directory guard at 10,000. Then we will only choose a
fallback 10% of the time. (Or 3% of the time with 3 directory guards.)
Then, when we load the state file, we use our standard fallback parsing
function to add them to the list. And our standard bootstrapping sequence
will use them like any other fallbacks.
Should we do this automatically, or should their be an option to turn it
off?
The existing `UseDefaultFallbackDirs` doesn't really cover this, so we
probably need `UseDirGuardsAsFallbackDirs`. (This should control both the
writing to the state file, and the reading from it.) This way, someone can
refuse the default fallbacks, but still use their directory guards as
fallbacks.
When should these fallback directory guards expire?
(When do guards in our state file expire?)
If they're too old, we should ignore them and just try the fallbacks.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7798#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs