[tor-dev] Proposal 258: Denial-of-service resistance for directory authorities

Tom Ritter tom at ritter.vg
Fri Nov 6 04:11:57 UTC 2015


On 29 October 2015 at 11:25, Nick Mathewson <nickm at freehaven.net> wrote:
>    There are two possible ways a new connection to a directory
>    authority can be established, directly by a TCP connection to the
>    DirPort, or tunneled inside a Tor circuit and initiated with a
>    begindir cell.  The client can originate the former as direct
>    connections or from a Tor exit, and the latter either as fully
>    anonymized circuits or one-hop links to the dirauth's ORPort.

Relays fetch the consensus from a V2Dir. Thus there is no risk that an
attacker can prevent an exit from fetching a consensus by (trying to)
DOS the DirAuths through it. I believe that's correct, just wanted to
say it out loud and let everyone confirm, I guess.

-tom

