Clients tunnel directory connections through the ORPort. So the only thing that changes when you set the DirPort to 0 is that the port isn't opened. The details are: Hidden Service Directories (HSDir) and Directory Mirrors (V2Dir) are independent functions, with different consensus flags. HSDir: Since 0.2.7, all relays, (even if the have no DirPort) advertise in their descriptor that they are willing to be a hidden service directory. Then the authorities impose minimum uptime and bandwidth requirements for the HSDir flag. Then clients use this flag to decide whether to ask for hidden service descriptors from the relay. Directory Mirrors: In 0.2.8, almost all relays, (even if the have no DirPort) advertise in their descriptor that they are willing to accept directory connections tunnelled over their ORPort. Then 0.2.8 clients use this part of the descriptor to decide whether to make tunnelled directory connections to relays, even if they don't have the V2Dir flag. In all current releases, relays with a DirPort advertise they support the version 2 directory protocol, and then the authorities impose requirements and assign the V2Dir flag. Then clients use this flag to decide whether to make tunnelled directory connections to relays. Direct DirPort Use: Some obscure client configurations and firewalled clients may use the DirPort directly. We're looking to fix that so all client connections (and bridge connections, for consistency) are tunnelled. Relays use the DirPort directly, but they typically use the authorities for directory documents. (Some obscure relay configurations will use the fallback directory mirrors.) Tim
Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F |
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays