commit 3e6568939a43480786646eddc3eb4253a8164652 Author: George Kadianakis <desnacked@riseup.net> Date: Thu Apr 21 13:20:58 2016 +0300 prop224: Clarify descriptor upload section. Also specify that HSes should re-upload their descriptor every one hour. --- proposals/224-rend-spec-ng.txt | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index 32d29de..3bc1d97 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -660,11 +660,11 @@ Status: Draft approximately 21 hours and 38 minutes after the beginning of the period. - The new shared random value MUST be published *before* the overlap interval + New shared random values MUST be published *before* the overlap interval starts so that hidden services have access to the new shared random values in time and can calculate the upcoming set of responsible HSDirs. In our - system, new shared random values get published at 00:00UTC every day, whereas - the overlap period starts at 06:00 and finishes at 12:00UTC. + system, new shared random values get published at 00:00UTC every day, + whereas the overlap period starts at 06:00 and finishes at 12:00UTC. Here is an illustration of the system: @@ -706,24 +706,21 @@ Status: Draft hs_index(replicanum) = H("store-at-idx" | blinded_public_key | INT_8(replicanum) | - INT_8(periodnum) ) - - where blinded_public_key is specified in section KEYBLIND, and - periodnum is defined in section TIME-PERIODS. + INT_8(period_num) ) - where n_replicas is determined by the consensus parameter - "hsdir_n_replicas". + where blinded_public_key is specified in section KEYBLIND, and period_num is + defined in section [TIME-PERIODS]. - Then, for each node listed in the current consensus with the HSDir3 - flag, we compute a directory index for that node as: + Then, for each node listed in the current consensus with the HSDirV3 flag, + we compute a directory index for that node as: hsdir_index(node) = H("node-idx" | node_identity_digest | - shared_random | + shared_random_value | INT_8(period_num) ) - where shared_random is the shared value generated by the authorities - in section PUB-SHAREDRANDOM, and node_identity_digest is a SHA1 - digest of the node's RSA public key as described in tor-spec.txt. + where shared_random_value is the shared value generated by the authorities + in section [PUB-SHAREDRANDOM], and node_identity_digest is a SHA1 digest of + the node's RSA public key as described in tor-spec.txt. Finally, for replicanum in 1...hsdir_n_replicas, the hidden service host uploads descriptors to the first hsdir_spread_store nodes whose @@ -746,6 +743,11 @@ Status: Draft Again, nodes from lower-numbered replicas are disregarded when choosing the spread for a replica. + Hidden services MUST periodically re-publish their descriptor to the + responsible HSDirs. Specifically, hidden services re-publish their + descriptors every 1 hour (also controlled via the 'hs_rend_post_period' + consensus parameter). + HSDirs MUST retain hidden service descriptors for 33 hours before expiring them. That's 24 hours for the time period duration, plus 6 hours for the maximum overlap period span, plus 3 hours for the maximum acceptable client