[tor-dev] [tor-project] Intent to Minimise Effort: Fallback Directory Mirrors

teor teor2345 at gmail.com
Tue Jan 9 04:08:26 UTC 2018 

> On 9 Jan 2018, at 14:23, Tom Ritter <tom at ritter.vg> wrote:
> 
>> On 8 January 2018 at 20:56, teor <teor2345 at gmail.com> wrote:
>> Add a torrc option and descriptor line to opt-in as a FallbackDir [4]
> 
> Setting a config entry is easy and requires no thought. It's easy to
> set without understanding the requirements or implications. Getting a
> personal email and request for one's relay to keep a stable IP lends a
> lot of gravity to the importance of it.
> 
> Are you worried about that?

My experience is that personal emails don't actually make much
difference. Operators try hard to keep things stable, but sometimes
their provider makes changes, or their circumstances change.

Here's what I've tried in the past:
* I sent personal emails the first few times,
* I sent list emails,
* I sent no emails at all, because we wanted to get seized relays
   off the list quickly.

Every time, we rebuilt the list after 6-12 months.
So this time, we only selected fallbacks that had the same address for
at least 3 months. I'm hoping that makes a difference.

Even if it doesn't change fallback stability, it's still good to tell people.

I would be happy if someone else sent personal emails to:
* potential operators of high-bandwidth relays
* every fallback operator when there is a new list
* any fallback operator when their relay details change, or their
   fallback goes down, asking them to fix it if they can

I think a bot or a human could do a very good job of these things.
(But I'm not that human.)

Hiro, did you want to write an email bot?
Or anyone else?
(The bot would need to work out how to deal with obfuscated email
addresses. We might need a human to code this part, and a list of
any particularly difficult ones.)

> Work-wise, the worst thing that would happen is that the list just
> needs to be regenerated more frequently - I think?

I want to reduce the time it takes to rebuild the list.
It takes days right now. If I'm going to keep on doing it, I'd like
to cut that down to hours.

The features I suggested let me do that.
And they make it easier for others to rebuild the list.
(I don't want to be the only one who can rebuild the list.)

And they don't stop people sending personal emails.
They just mean that the process doesn't rely on them.

> But user-wise
> people on those older versions will have significantly increased
> startup times if only 20% of their FallbackDirs are working...

Tor is designed to bootstrap if 0% of the fallbacks and 50% of the
authorities are working.

Recent tor versions wait 6 seconds before trying an authority.
(Older versions try an authority and a fallback straight away.)
They will try 5 fallbacks and 3 authorities in the first 30 seconds.

And we backport the new fallback list to all supported versions.

T

More information about the tor-dev mailing list