On 02/18/2016 04:24 AM, Tim Wilson-Brown - teor wrote:
On 18 Feb 2016, at 22:16, Mirimir mirimir@riseup.net wrote:
On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
I don't know how and why, but since January is impossible to have an exit relay in Telmex ISP. And is harder to reach authority nodes. Someone wrote about this, but is mid February and is the same. Tor 2.8 alpha works pretty good with the authority fallback measures, but I can't implement the exit relay or publish the relay.
Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
Could relays somehow use bridges for that?
Relays could upload their descriptors to the authorities over 3-hop tor circuits, like hidden services do to hidden service directories.
But that doesn't solve the core issue: Tor assumes all relays can connect to every other relay. If a relay can't reach the authorities, then that's 9 relays it can't reach, and it's likely that other relays are also blocked.
Doh. And any network that blocked access to authorities could block access to all Tor relays.
We would need to answer the following questions before we allowed relays that can't reach the authorities to bootstrap:
- how many other relays can each Tor relay reach at the moment?
- what's the minimum number of relays each relay should be able to reach to be useful?
- how can we check if a relay can reach that many relays?
- should the relay do the check itself before it submits its descriptor, or should the authorities or bandwidth authorities do the check?
This requires some research and security analysis.
Right. A relay that needs a bridge to reach other relays is relatively useless. And can perhaps hide malicious activity more easily too.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays