Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

Subject: Re: [tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Thu, 18 Feb 2016 22:24:00 +1100

Delivery-date: Thu, 18 Feb 2016 06:24:18 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=NbPlymKPjw277hrdWD0Pa/HzOXYSPIApqqklSKE+hKs=; b=WR7nvyo8wJ1ApJJ5MLhmIepuEwcjqwfjZcJQrYXQ01JDJzrpnJcWONea5ETkKjlhxI Fz3fwNvmyyldUBR6jl5lIP37+sbU3BHpG6JSDPXFS9wpElUkc8T/CwP3Ym4dzdQd6vYX uxQUMnPlVRXteRJ812iXamKB9GqHPWTDnAGVUOUvhI0InsOTNfDX9lcckV5XZYuXpJaI B2R75FrxI4Yr1TiproCBnZxjv7W0UbphzcSucOtUigMHBUzvhMjMtIBAssde+/kph8Z6 fNY9bHrenD6HLA9Cu6RUTBzHnGrThz5MeQeU942iWP3b66SuzEYBvkTLO05HDS28XFRS 43Fg==

In-reply-to: <56C5A80A.8090204@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <CAPG1sDo2tPkh4JNuHy=NH0P4HtbZtGshdvx+41AzAS+ppbMJeg@xxxxxxxxxxxxxx> <866CA690-29C1-4837-B91D-415DA170AFA5@xxxxxxxxx> <56C5A80A.8090204@xxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 18 Feb 2016, at 22:16, Mirimir <mirimir@xxxxxxxxxx> wrote:

On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:

On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez <rjmalagon@xxxxxxxxx> wrote:

I don't know how and why, but since January is impossible to have an exit relay in Telmex ISP.
And is harder to reach authority nodes.
Someone wrote about this, but is mid February and is the same.
Tor 2.8 alpha works pretty good with the authority fallback measures, but I can't implement the exit relay or publish the relay.

Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned.
But it only works for clients.

Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.

Could relays somehow use bridges for that?

Relays could upload their descriptors to the authorities over 3-hop tor circuits, like hidden services do to hidden service directories.

But that doesn't solve the core issue: Tor assumes all relays can connect to every other relay. If a relay can't reach the authorities, then that's 9 relays it can't reach, and it's likely that other relays are also blocked.

We would need to answer the following questions before we allowed relays that can't reach the authorities to bootstrap:

* how many other relays can each Tor relay reach at the moment?

* what's the minimum number of relays each relay should be able to reach to be useful?

* how can we check if a relay can reach that many relays?

* should the relay do the check itself before it submits its descriptor, or should the authorities or bandwidth authorities do the check?

This requires some research and security analysis.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays