[tor-bugs] #21969 [Core Tor/Tor]: We're missing descriptors for some of our primary entry guards
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 18 03:12:01 UTC 2017
#21969: We're missing descriptors for some of our primary entry guards
-----------------------------------+------------------------------------
Reporter: asn | Owner: asn
Type: defect | Status: assigned
Priority: High | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-guard, tor-bridge | Actual Points:
Parent ID: | Points: 1.5
Reviewer: | Sponsor: SponsorU
-----------------------------------+------------------------------------
Comment (by teor):
Replying to [comment:19 s7r]:
> Thinking some more about this, maybe we can forget about descriptor
priority downloads because on the longer term we won't need it and it will
just complicate stuff for us. If I recall correctly (please confirm) atm
we are trying to make '''all relays directory servers using BEGIN_DIR on
ORPort''' which means Guard == DirGuard, so clients can first of all,
download the guard descriptor directly from the guard itself and all this
whole dance is avoided.
Operators can explicitly disable DirCache, and can also disable it by
setting various other options (like AccountingMax), or by having low RAM
or bandwidth. Also, DirCache was only introduced in 0.2.8, and we support
relays back to 0.2.4.
So while it is true that most guards are DirCaches, not all guards will
be, even in the future.
Also, this might enable an attack/issue where a guard posts one descriptor
to the directory authorities, and another to its clients. (This is avoided
by using microdescriptors, because their hashes are in the consensus.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21969#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list