[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Prop 237 (Make all relays directory caches) Patch
Hi Nick, All,
I've made some minor corrections to proposal 237. Mostly these
are cosmetic changes, but I did remove some...overstatements,
as well. Attached is the patch, but it's only available as a
branch in my personal repo[0] as prop237-clarifications.
Let me know if you have any comments/suggestions (the overall
proposal is unchanged). If not, I'll start implementing this
within the next few days.
Thanks!
Matt
[0] https://git.torproject.org/user/sysrqb/torspec.git
From cc4e5afb83b7a5d34dc570f1f79a74e7ca000bf7 Mon Sep 17 00:00:00 2001
From: Matthew Finkel <Matthew.Finkel@xxxxxxxxx>
Date: Tue, 14 Oct 2014 00:18:32 +0000
Subject: [PATCH] Clarify and reword some statements in Prop 237
Mostly minor rephrasing.
The claim about mitigating against partitioning attacks is
unsubstantiated, remove it. The BadDir flag is also being
dropped, remove the related comment.
---
proposals/237-directory-servers-for-all.txt | 23 ++++++++++-------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/proposals/237-directory-servers-for-all.txt b/proposals/237-directory-servers-for-all.txt
index bc5aad2..d238870 100644
--- a/proposals/237-directory-servers-for-all.txt
+++ b/proposals/237-directory-servers-for-all.txt
@@ -9,7 +9,7 @@ Overview:
This proposal aims at removing part of the distinction between the
relay and the directory server. Currently operators have the options
- of being one of: a relay, a directory server, or both. With the
+ of configuring one of: a relay, a directory server, or both. With the
acceptance of this proposal the options will be simplified to being
either only a directory server or a combined relay and directory
server. All relays will serve directory requests.
@@ -65,12 +65,13 @@ Design:
of whether they are deemed useful or usable, exactly like the current
directory servers. All relays will also accept directory requests when
they are tunnelled over a connection established with a BEGIN_DIR cell,
- the same way these connections are already accepted by bridges and
- directory servers with an open DirPort.
+ the same way bridges accept these connections already. The tunnelled
+ directory requests use the same protocol as those currently accepted
+ by directory servers which have an open DirPort.
Directory Authorities will now assign the V2Dir flag to a server if
- it supports a version of the directory protocol which is useful to
- clients and it has at least an open directory port or it has an open
+ it supports a version of the directory protocol which is useful for
+ clients and it has at least one open directory port or it has an open
and reachable OR port and advertises "tunnelled-dir-server" in its
server descriptor.
@@ -78,11 +79,7 @@ Design:
additional criterion that a server only needs the V2Dir status flag
instead of requiring an open DirPort. When the client chooses which
directory server it will query, it checks if the server has an open
- directory port and uses begindir if it does not have one. Directory
- servers should not be able to determine which version of Tor the client
- is using (or a lower-bound on the version), if possible. Continuing to
- prefer direct directory connections over begin may help mitigate a
- potential partitioning attack.
+ directory port and uses begindir if it does not have one.
Security Considerations and Implications:
@@ -99,9 +96,6 @@ Security Considerations and Implications:
a specific document still exists. With the increased diversity in the
available servers, the impact of this should be reduced.
- Another question that may need further consideration is whether we
- trust bad directories to be good guards and exits.
-
Specification:
The version 3 directory protocol specification does not
@@ -125,6 +119,9 @@ Impact on local resources:
documents is not available for new circuits. Should we add a config
option that allows operators to disable being a directory server? Is
it more worthwhile for them to serve these documents or to relay cells?
+ It was also suggested that the directory authorities could decide
+ against assigning a relay the V2Dir flag if their advertised or
+ measured bandwidth is below a certain cutoff. Is this a better idea?
Future Considerations:
--
1.7.10.4
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev