On Thu, May 21, 2020 at 08:03:03PM +0200, tschador@posteo.de wrote:
> after an update of tor it always takes about 4 days to get the HSDir flag back while the other flags are set very quickly. What is the reason for this delay?
It's because the directory authorities are configured to wait that long before assigning the flag.
See the MinUptimeHidServDirectoryV2 option: https://gitweb.torproject.org/tor.git/tree/src/feature/dirauth/dirauth_optio...
It used to be 25 hours, long ago, with the reasoning that if a relay hasn't been up for a day, then it's too likely to go away again soon, and this churn causes reliability problems in reaching onion services.
We changed it to 96 hours in late 2014, when we saw a Sybil attack (many new relays suddenly appearing) and realized that while they wouldn't become Guards for a while, they would become HSDirs quite quickly, and maybe we want to give ourselves a few more days after new relays appear before they get to become HSDirs.
And here are two tickets on doing even more to make it hard for jerks to sign up relays with the goal of cheaply getting the HSDir flag: https://bugs.torproject.org/16538 and https://bugs.torproject.org/19162
And of course the long term fix is to drop the deprecated v2 onion service design, since the v3 onion service design is much better at limiting what an HSDir relay can learn about onion services: https://www.youtube.com/watch?v=Di7qAVidy1Y
Hope this helps,
--Roger
On 5/23/20 11:40 AM, Roger Dingledine wrote:
> And of course the long term fix is to drop the deprecated v2 onion service design, since the v3 onion service design is much better at limiting what an HSDir relay can learn about onion services: https://www.youtube.com/watch?v=Di7qAVidy1Y
I do wonder if the HSDir flag is restricted to not be assigned to more than 1 host in, say, a /24 network? Because then the restriction of max 2 relays per IP address is less needed than before, or?
tor-relays@lists.torproject.org