[tor-bugs] #25581 [Core Tor/Tor]: Inconsistent underscore config options (for vanguard options)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 2 06:26:26 UTC 2018
#25581: Inconsistent underscore config options (for vanguard options)
-------------------------------------------------+-------------------------
Reporter: atagar | Owner: nickm
Type: defect | Status:
| needs_review
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Resolution:
Keywords: regression, 033-must, | Actual Points:
033-triage-20180326, 033-included-20180326 |
Parent ID: | Points:
Reviewer: asn | Sponsor:
-------------------------------------------------+-------------------------
Comment (by arma):
I'm having trouble reconciling the two stories I'm seeing of how we're
planning to frame these new options from the user perspective.
In story one, we've added these experimental internal options so that it's
easier to experiment with vanguards and get closer to knowing what
rotation parameters and so on we want to recommend. We plan to write some
controller scripts to help us implement our ideas for how vanguards might
work, which will help us to prove the concept to ourselves, and convince
us that we want to implement vanguards as part of Tor for real. In this
story, we make them double-underscore options to indicate that users
really shouldn't mess with them unless they're part of the vanguard
research work. Once we have some controller scripts that we think work, we
would then invite developer-style users to try them too, to help us find
bugs and make the idea better, so when we build it into Tor it will be the
best possible design.
In story two, we've added these expert-mode options so that users who
think they know how vanguards should work can begin using them for their
deployed onion services. We plan to write some controller scripts so that
users can begin using them for real-world situations, because while we
don't yet know how one should tune vanguards, or even if there are
parameters that will work in the real world, we plan to invite real users
to start using them asap because not using them seems really scary. In
this story, we want to make the torrc options like all the other torrc
options (no underscores), because maybe there are users who need vanguards
now yet their security situation precludes opening a control port, so
those users should be given the means to cobble together a manual vanguard
approach on their own.
I worry that we are trying to tell both of these stories at the same time,
and it's leading to conflicting plans.
For example: are we planning to write up documentation, aimed at users, on
how onion service operators should use the 0.3.3 vanguard torrc options to
become safer? (That plan would be in line with story two.) If so, I think
the EntryNodes comparison is not quite right, because we don't have any
documentation telling users how they should set EntryNodes to be safer,
and in fact we work hard to tell users that they will only hurt themselves
by setting it. (Or am I wrong and we do have those docs somewhere?)
In summary, I think we need to agree on what story we're intending to
tell, and then whether to under underscores will hopefully be clear from
there.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25581#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list