[tor-bugs] #11973 [Tor]: Should relays stop making unencrypted directory connections?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 15 15:39:40 UTC 2014
#11973: Should relays stop making unencrypted directory connections?
------------------------+------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor | Version:
Resolution: | Keywords: needs-proposal
Actual Points: | Parent ID:
Points: |
------------------------+------------------------------
Comment (by nickm):
From that ticket, my impression of why you'd do a DirPort connection from
non-bridge relays:
>I think the original rationale was that:
> * all of this information was publicly associated with the uploading
>   IP, and as such encrypting it wouldn't actually protect anything.
> * using a separate port for uploads would allow directory authorities
>   to throttle downloads without harming uploads.
Roger added:
>Clients use begindir so it's harder to fingerprint and prevent their
>directory fetches.
>
>Relays don't use begindir to avoid loading down the directory authorities
>with ssl handshakes (heavyweight) simply for an http directory
>publish/fetch (lightweight).
>
>Load on directory authorities seems like it should come primarily from a)
>clients that are bootstrapping, though we're hoping to resolve that
>bottleneck with the fallback directory mirrors, and b) relays. It'd be a
>shame to magnify part 'b' by a lot.
At one point, I thought that b) was spurious, since bug #11469 had turned
off direct connections for (most) relays, but Roger pointed out to me that
it only turned off direct connections for ''publishing'', and that relays
downloading from authorities (which is much more expensive) still use
HTTP.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11973#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online