[tor-bugs] #8243 [Tor]: Getting the HSDir flag should require more effort

[Tor Bug Tracker & Wiki]

#8243: Getting the HSDir flag should require more effort
-------------------------+-------------------------------------------------
     Reporter:  arma     |      Owner:
         Type:           |     Status:  new
  enhancement            |  Milestone:  Tor: 0.2.7.x-final
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  SponsorR tor-auth needs-proposal
   Resolution:           |  026-triaged-1
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by asn):

 It seems that most realistic attacks on HSDirs will be plugged by
 introducing non-deterministic HSDir selection (#8244) and keyblinding
 (#8106).

 This ticket though could help against attacks by less sophisticated
 adversaries. For example by making the HSDir flag a bit harder to get, we
 can defend against weaker adversaries like the lizards or people who
 bruteforce their relay's public key to become the HSDir of hidden services
 and then measure their popularity. Roger suggested that HSDir flag should
 only be given to Stable relays, and this might be a sane idea.

 Looking at metrics, this will half the number of HSDirs from 3k down to
 1.5k. The number is still big enough and getting Stable flag requires a
 week, which means that it will give us time to !reject big sybil attacks.

 Maybe more thought needs to be given here, but making it harder to become
 an HSDir flag seems to be a good idea.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8243#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online