[tor-dev] Proposal: All Relays are Directory Servers

Tue Aug 19 02:42:17 UTC 2014

> On 19 Aug 2014, at 11:30, Nick Mathewson <nickm at freehaven.net> wrote:
> 
> Date: Mon, 18 Aug 2014 14:17:28 -0400
> From: Nick Mathewson <nickm at freehaven.net>
> To: tor-dev at lists.torproject.org
> Subject: Re: [tor-dev] Proposal: All Relays are Directory Servers
> 
> 
>> On Wed, Aug 13, 2014 at 11:53 AM, Matthew Finkel
>> <matthew.finkel at gmail.com> wrote:
>> Hi All,
>> 
>> Below is the proposal for #12538 [0], with some changes after George's
>> review and some other revisions.
>> 
>> Feedback welcome!
>> 
>> Thanks,
>> Matt
>> 
>> 
>> [0] https://trac.torproject.org/projects/tor/ticket/12538
> 
> Thanks! This is now proposal 237. Any revisions should be sent in as
> patches against the one in the torspec repository.
> 
>> Filename: xxx-directory-servers-for-all.txt
>> Title: All relays are directory servers
>> Author: Matthew Finkel
>> Created: 29-Jul-2014
>> Status:
>> Target: 0.2.6.x
>> 
>> Overview:
>> 
>>    This proposal aims at removing part of the distinction between the
>> relay and the directory server. Currently operators have the options
>> of being one of: a relay, a directory server, or both.  With the
>> acceptance of this proposal the options will be simplified to being
>> either only a directory server or a combined relay and directory
>> server. All relays will serve directory requests.
> 
> FWIW, we don't support being only a directory server right now, do we?

I've recently configured a tor instance [for HTTP fuzzing] that does nothing but cache the entire directory - all that is required is setting the DirPort non-zero, and the ORPort to 0.

No warnings are emitted, and the instance stays stable, up to date with the consensus and descriptors, and answers [local] directory requests [as configured].

Because it's a local/test instance, I have specifically disabled external access. I have also disabled the default relay/directory server behaviour of submitting its own descriptor to the authorities. So I don't actually know if it would submit a descriptor if I enabled that option. However, the man page says that either one of a directory or a router port is sufficient for a server to submit its descriptor to the consensus.

I also don't know if clients would connect to a directory server that didn't have an ORPort. Do clients select directory guards based on flags that it's impossible for a directory-only Tor instance to obtain? What about HSDirs?

Nick, which of these things did you mean by "support"?
Does the consensus include directory-only Tor servers?
Do tor clients connect to directory-only Tor servers?
Will a directory-only Tor server ever get the flags needed to become a "directory guard"?
Will a directory-only Tor server ever get the flags needed to become a HSDir?

(I think we agree that a directory-only server is a far less useful configuration of an instance than a router would be.)

Tim