[tor-dev] Proposal 258: Denial-of-service resistance for directory authorities
tom at ritter.vg
Fri Nov 6 04:11:57 UTC 2015
On 29 October 2015 at 11:25, Nick Mathewson <nickm at freehaven.net> wrote:
> There are two possible ways a new connection to a directory
> authority can be established, directly by a TCP connection to the
> DirPort, or tunneled inside a Tor circuit and initiated with a
> begindir cell. The client can originate the former as direct
> connections or from a Tor exit, and the latter either as fully
> anonymized circuits or one-hop links to the dirauth's ORPort.
Relays fetch the consensus from a V2Dir. Thus there is no risk that an
attacker can prevent an exit from fetching a consensus by (trying to)
DOS the DirAuths through it. I believe that's correct, just wanted to
say it out loud and let everyone confirm I guess.
More information about the tor-dev