[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Uptime Sanity Checking

To: or-dev@xxxxxxxxxxxxx
Subject: Re: Uptime Sanity Checking
From: Roger Dingledine <arma@xxxxxxx>
Date: Fri, 9 Mar 2007 14:45:28 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Fri, 09 Mar 2007 14:45:36 -0500
In-reply-to: <4ef5fec60703082201k62eac97ep2be59d2848256611@mail.gmail.com>
References: <20070308153959.ACA40984@robin.int.colorado.edu> <20070308225044.GB6926@asteria.noreply.org> <20070309044702.GW28282@moria.seul.org> <20070309051200.GA31057@totoro.wangafu.net> <4ef5fec60703082201k62eac97ep2be59d2848256611@mail.gmail.com>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Thu, Mar 08, 2007 at 10:01:16PM -0800, coderman wrote:
> On 3/8/07, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> >I think a fix_able_ cap probably gets us most of the benefit: if we
> >change the cap, only the directory servers need to change their code
> >or configuration.
> 
> seems reasonable; the nature of the network is going to vary (perhaps
> significantly) with size and age...

Ok. I think we're all happy to accept this proposal -- Nick, can
you check it into the proposals section and integrate this thread
into a 'decisions' section or something?

Also, I would suggest that we make the cap 1 month, not two. The decision
shouldn't be so much about what fraction of the network it would cover,
but rather what uptime is "obviously" stable enough.  And if there's a
Tor server that's been up for a whole month, I have no problem calling it
stable. And we can just remember that if much of the network has uptimes
less than a month, we become more vulnerable to the attack described.

So we could patch Section 3.1 of dir-spec.txt to say:

   "Stable" -- A router is 'Stable' if it is running, valid, not
   hibernating, and either its uptime is at least the median uptime for
   known running, valid, non-hibernating routers, or its uptime is at
   least one month. Routers are never called stable if they are running
   a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
   through 0.1.1.16-rc are stupid this way.)

Thanks!
--Roger

Follow-Ups:
- Re: Uptime Sanity Checking [closed]
  - From: Nick Mathewson
- Re: Uptime Sanity Checking
  - From: Roger Dingledine

References:
- Uptime Sanity Checking
  - From: Damon Liwanu Mc Coy
- Re: Uptime Sanity Checking
  - From: Peter Palfrader
- Re: Uptime Sanity Checking
  - From: Roger Dingledine
- Re: Uptime Sanity Checking
  - From: Nick Mathewson
- Re: Uptime Sanity Checking
  - From: coderman

Prev by Author: Re: Uptime Sanity Checking
Next by Author: Plan for proposal 104 (was: New system for modifying Tor protocol)
Previous by thread: Re: Uptime Sanity Checking
Next by thread: Re: Uptime Sanity Checking
Index(es):
- Author
- Thread