[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6790 [Tor Directory Authority]: Write proposal draft for directory mirrors to accept, aggregate and hand off descriptors to dirauths
#6790: Write proposal draft for directory mirrors to accept, aggregate and hand
off descriptors to dirauths
-----------------------------------------------+----------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor Directory Authority | Version:
Keywords: MikePerry201210d, proposal-needed | Parent: #2664
Points: | Actualpoints:
-----------------------------------------------+----------------------------
Comment(by mikeperry):
Replying to [comment:15 nickm]:
> Replying to [comment:14 mikeperry]:
> > Can you explain more about 5 being unsolved? I haven't been following
microdesc development. You mean the only way to get microdescriptors right
now is from the dirauths directly?
>
> Not exactly.
>
> I mean that right now, when a directory cache wants to learn a
consensus, a router descriptor, or a microdescriptor, it fetches it from
one of the authorities. It can't just ask another cache: there is no
mechanism for *any* cache to learn this stuff right now other than asking
an authority, so if all the caches asked each other, nobody would find
out.
>
> Obviously, this could be improved as a Simple Matter of Software Design.
Yeah, I'm not suggesting some massive, expensive N^2 layer where all the
dir mirrors talk to eachother to exchange submitted relay descriptors or
consensus microdescs.
My goal is the simplest possible design that allows us to reduce the roles
of the dirauths to 3, 4, and 5. This means that dir mirrors (fine, even
the whole current consensus) are still allowed to talk to dirauths to
download and submit descriptor info. That way, if certain relays are
loud/busted/broken in terms of their mirroring functionality, we can just
drop them from the consensus as a last resort, or perhaps just add them to
a dirport firewall.
To preserve the consensus properties for descriptor submission with
minimal changes, it seems we have two options when the dirauths are
operating in this mode:
1. Relays submit descriptors to a dir mirror who submits it to all N
authorities
2. Relays submit descriptors k*N times, to the k*N dir mirrors in the
current consensus with the k closest idhexes to each of the N dirauths,
who then submit it forward to that dirauth.
In each case, the dir mirror should perform the same checks and rate
limits that the dirauths currently do. They might also need additional IP
restrictions too. It depends on what is actively enforced at the dirauths
right now before performing checks.
My goal is to get a proposal for this written by Oct 10th that describes a
way to support this as an optional mode of operation in extreme
circumstances that we can test periodically. If we don't get it coded for
0.2.4.x because other things end up more important, that's fine. It might
be the case that #572 by itself is enough to make me happy for emergency
circumstances.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6790#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs