[tor-dev] Proposal 334: A flag to mark Relays as middle-only
neel at neelc.org
Sun Sep 12 19:17:37 UTC 2021
I have an updated proposal.
On 2021-09-07 13:52, s7r wrote:
> Don't worry -- it's glad to have you back always. Thanks. No judging
> anywhere around here by any means :)
> The proposal looks much better with the motivation section, at least
> me know what's all about.
> So the DirAuths will just vote about MiddleOnly like they vote about
> BadExit, based on internal communication. Sounds plausible for the
> desired goal.
> I saw you mentioned on the list of position where we will NOT use
> MiddleOnly relays RendezVous Points. Please add a note to it that in
> order to enforce this particular requirement, we need to teach the
> onion service server that receives the INTRODUCE2 cell to a rend point
> with MiddleOnly flag to not proceed with the rend protocol and close
> that circuit. Otherwise the requirement enforcement won't work because
> anybody doing any attack would probably use modified clients that
> don't follow the rules to not select a MiddleOnly as rend point.
I've added that section.
> I don't see any major blockers for this proposal, because if it's
> voted at DirAuth level only, in case it makes troubles for us in a
> perfect future (walking onions / all exits) we can simply decide at
> DirAuth level to not vote on it any more and remove the code that
> parses it.
Although being a realist here, all exits aren't likely, mainly for
relays hosted on residential ISPs as well as hosts less supportive of
exit relays. But hey, we never know, we should prepare for any scenario,
good or bad.
Both are very common. The former IMHO is very good as it helps
decentralize/diversify the network away from big datacenters, even if
only for non-exits. It's harder to surveil every ISP in NA and EU than
it it to surveil a few OVH, Scaleway, and Hetzner datacenters. However
the latter still sucks period, all hosts should allow exits.
For me, I'd love to have an exit from home, but there are too many
blockers in that. My home middle relay is off right now mainly because
of severe ping spikes when it's on .
> What will the consensus requirement be for this flag? 50%+1? IIRC the
> BadExit flag can be assigned with less than 50%+1 DirAuths.
To stay safe from malicious relays, like BadExit, my updated proposal
says that if one dirauth gives a relay the MiddleOnly flag, then it's
set for that relay. This is to prevent harm while all (or the majority
of) dirauths give the relay that flag.
Tidbits if you're interested (feel free to ignore if you aren't):
 - The CenturyLink tech said they need to add capacity to the
neighborhood's GPON splitter node. And no, I'm not signing up for
Comcast since Tor+WFH would saturate the DOCSIS upstream assuming I
won't go over the cap (which I will).
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the tor-dev