[tor-dev] Proposal: All Relays are Directory Servers
nickm at freehaven.net
Mon Aug 18 18:17:28 UTC 2014
On Wed, Aug 13, 2014 at 11:53 AM, Matthew Finkel
<matthew.finkel at gmail.com> wrote:
> Hi All,
> Below is the proposal for #12538 , with some changes after George's
> review and some other revisions.
> Feedback welcome!
>  https://trac.torproject.org/projects/tor/ticket/12538
Thanks! This is now proposal 237. Any revisions should be sent in as
patches against the one in the torspec repository.
> Filename: xxx-directory-servers-for-all.txt
> Title: All relays are directory servers
> Author: Matthew Finkel
> Created: 29-Jul-2014
> Target: 0.2.6.x
> This proposal aims at removing part of the distinction between the
> relay and the directory server. Currently operators have the options
> of being one of: a relay, a directory server, or both. With the
> acceptance of this proposal the options will be simplified to being
> either only a directory server or a combined relay and directory
> server. All relays will serve directory requests.
FWIW, we don't support being only a directory server right now, do we?
> Clients choose a directory by using the current criteria with the
> additional criterion that a server only needs the V2Dir status flag
> instead of requiring an open DirPort. When the client chooses which
> directory server it will query, it checks if the server has an open
> directory port and uses begindir if it does not have one. Directory
> servers should not be able to determine which version of Tor the client
> is using (or a lower-bound on the version), if possible. Continuing to
> prefer direct directory connections over begin may help mitigate a
> potential partitioning attack.
Well, the partitioning attack is going to be rendered possible here by
the fact that an 0.2.5 client won't send a RELAY_BEGIN_DIR cell to a
node with DirPort=0, V2Dir=1, but an 0.2.6 client might.
I think this is not too bad, though: alpha users are typically visible
as alpha users for other reasons as well, and when everybody upgrades
to the next stable Tor version, they usually do so en masse.
> Impact on local resources:
> Should relays attempt to download documents from another mirror
> before asking an authority? All relays will now prefer contacting the
> authorities first, but this will not scale well and will partition users
> from relays.
Partitioning users from relays is inevitable. If you're not sure
whether somebody is a relay, just send them a CREATE_FAST cell and see
what they do.
> If all relays become directory servers, they will choose to
> download all documents, regardless of whether they are useful, in case
> another client does want them. This will have very little impact on the
> "typical" relay, however on memory constrained relays (BeagleBone,
> Raspberry Pi, and similar), every megabyte allocated to directory
> documents is not available for new circuits. Should we add a config
> option that allows operators to disable being a directory server? Is
> it more worthwhile for them to serve these documents or to relay cells?
Maybe only relays with a threshold of bandwidth or memory should be
More information about the tor-dev