[tor-bugs] #16558 [Tor]: DIr auths should vote about Invalid like they do about BadExit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 12 04:20:11 UTC 2015
#16558: DIr auths should vote about Invalid like they do about BadExit
------------------------------+------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Keywords: SponsorR, tor-hs | Actual Points:
Parent ID: #16538 | Points:
------------------------------+------------------------------------
Right now only three dir auths put BadExit in their known-flags, so it
takes any 2 of those 3 to give a relay the BadExit flag, which causes an
exit relay to not be used by clients for exiting. This is a great
convenience for the dir auth operators, since otherwise we'd have to get a
majority of all nine (i.e. five) dir auth operators to declare that a
relay shouldn't be used for exiting, and we'd be much less agile in
response to detected bad behavior.
In comparison, all nine relays put Valid in their known-flags, so it takes
a full 5 of the 9 to give a relay the Valid flag -- or said another way,
it takes a full 5 of the 9 to take it away.
In the context of malicious HSDir roles, this lack of agility is hurting
us. We should explore ways to make !invalid more like !badexit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16558>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list