[tor-dev] Proposal 236, Single-guard designs, and directory guards

Nicholas Hopper hopper at cs.umn.edu
Fri Jun 6 16:00:31 UTC 2014


On Fri, Jun 6, 2014 at 10:07 AM, George Kadianakis <desnacked at riseup.net> wrote:
> That made me curious to learn how many guard nodes are not directory
> servers. Apparently, out of all 5393 routers, we have 2149 guards, and
> 1458 guards that are directory servers. So there are about 700 guards
> that are _not_ directory servers (I wonder what their bandwidth weight
> is).

I wrote a script to compute this when Nickm first raised the question:
$ python guard_dir_check.py ~/.tor/cached-microdesc-consensus 0
Total guard BW: 7083153.3967
Non-V2Dir guard BW: 1093535.0598

So, by weight it's a little lower - there's around a 15% chance to
choose a guard that's not a directory mirror atm.  If you raise the
advertised bandwidth threshold for guard relays to 2000, the answer
stays about the same:

$ python guard_dir_check.py ~/.tor/cached-microdesc-consensus 2000
Total guard BW: 6750465.194
Non-V2Dir guard BW: 967363.393

> Apparently, this happens because the DirPort torrc option is required
> to be a directory server, and some relay operators just don't have it.
> Maybe we should consider again making all relays (or guards) to be
> directory servers. AFAIK, this idea was discarded in the past because
> it's not polite to open more ports (DirPort) on people's computers;
> but nowadays with BEGIN_DIR, we don't even need that extra port, right?

I think this is right.

> Or maybe the reason is that directory documents take hard disk space?
> But how much space do they take? Probably not that much.

The relay needs to have all of these documents in any case, right?

> At the very least, maybe we should add a log message saying "You are a
> guard but not a directory server. You can increase the security of
> your clients by enabling the DirPort option.".

This would make sense, but note that nothing in the config file tells
a relay that it's a guard.  So it won't notice this without looking
for its entry in the network status.

-- 
------------------------------------------------------------------------
Nicholas Hopper
Associate Professor, Computer Science & Engineering, University of Minnesota
Visiting Research Director, The Tor Project
------------------------------------------------------------------------
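
An added sketch of the calculation discussed in the message above; it is not the guard_dir_check.py script from the mail and not Tor Project code. It assumes the threshold is applied to the consensus "w Bandwidth=" value and that raw values are summed without the consensus bandwidth-weights, so its totals will not match the figures quoted above; the sample entries are constructed.

```python
import sys

# Constructed sample router entries in microdesc-consensus form (r/m/s/w lines).
SAMPLE = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2014-06-06 12:00:00 192.0.2.1 9001 9030
m aaaa
s Fast Guard Running Stable V2Dir Valid
w Bandwidth=5000
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-06-06 12:00:00 192.0.2.2 9001 0
m bbbb
s Fast Guard Running Stable Valid
w Bandwidth=1500
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2014-06-06 12:00:00 192.0.2.3 9001 9030
m cccc
s Fast Running V2Dir Valid
w Bandwidth=9000
r relayD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-06-06 12:00:00 192.0.2.4 9001 0
m dddd
s Fast Guard Running Stable Valid
w Bandwidth=3000 Unmeasured=1
"""

def guard_dir_weights(lines, min_bw=0):
    """Return (total_guard_bw, non_v2dir_guard_bw) over Guard-flagged relays
    whose consensus bandwidth is at least min_bw (hypothetical threshold rule)."""
    total = non_dir = 0
    flags = None
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r":          # start of a new router entry
            flags = None
        elif parts[0] == "s":        # flag list for the current entry
            flags = set(parts[1:])
        elif parts[0] == "w" and flags is not None:
            bw = next((int(p.split("=", 1)[1]) for p in parts[1:]
                       if p.startswith("Bandwidth=")), 0)
            if "Guard" in flags and bw >= min_bw:
                total += bw
                if "V2Dir" not in flags:
                    non_dir += bw
            flags = None             # entry consumed; ignore stray w lines
    return total, non_dir

if __name__ == "__main__":
    # Usage: script.py [consensus-path] [min-bw]; falls back to the sample.
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    total, non_dir = guard_dir_weights(src.splitlines(),
                                       int(sys.argv[2]) if len(sys.argv) > 2 else 0)
    print("Total guard BW:", total)
    print("Non-V2Dir guard BW:", non_dir)
```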