[tor-relays] pinning relay keys to IPs (or not)

Yawning Angel yawning at schwanenlied.me
Sun Jul 26 16:48:37 UTC 2015


On Sun, 26 Jul 2015 16:11:56 +0200
nusenu <nusenu at openmailbox.org> wrote:

> [split from 'Giving away some "pre-warmed" relay keys for adoption']

Ok.

> > I'm of the opinion that it may be worth adding code to pin relay 
> > identities to IP addresses on the DirAuth side so that consensus 
> > weight and flag assignment gets totally reset if the ORPort IP 
> > changes, but if there's too much churn already it may cause more 
> > trouble than it's worth.
> 
> I hope such code will not be added, because it renders relays on
> dynamic IPs basically useless.
> In the past ~week only there were >1000 fingerprints (<3% cw fraction)
> using more than one IP address (in that timeframe)

Hey neat, numbers, thanks. <3% cw doesn't seem that bad.

I will reiterate that such a thing only will become viable once the
bandwidth measurement stuff sees massive improvement (and it is being
worked on), so this isn't a short term thing, and is just an idea.

I question the usefulness of most of the relays running on residential
lines in the first place for other reasons (e.g., most consumer routers
are crap, and will probably not be able to simultaneously maintain a
connection to every single other relay + bridge, which is rather
unhealthy to the network overall.  Being able to measure this and
delist/reduce consensus weight here would be good as well.).

If the relay's IP is constantly changing significantly faster than the
Guard rotation interval (needs more numbers here), I'm not sure if they
make great Guards, but this is an arma/asn type question since they
think more about Guards than I do.

Under a Tor that has the sort of pinning behavior I envision, a relay
that changes an IP once in a blue moon still remains useful, a relay
that changes an IP frequently (for some definition of frequently) will
be used as a middle only (which is still useful).

Regards,

-- 
Yawning Angel
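
An added illustration, not part of the original message and not Tor directory authority code: a sketch that reproduces the kind of measurement quoted above (fingerprints seen on more than one IP and their consensus weight fraction) and applies a hypothetical "middle only" rule. The sample observations, function names, the 90-day window and the 60-day guard rotation value are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: (day, fingerprint, ORPort IP, consensus weight).
# Fingerprints and addresses (RFC 5737 ranges) are made up for illustration.
OBSERVATIONS = [
    (0, "AAAA", "192.0.2.10", 5000), (45, "AAAA", "192.0.2.10", 5000),
    (89, "AAAA", "192.0.2.10", 5000),
    (0, "BBBB", "198.51.100.7", 300), (20, "BBBB", "198.51.100.8", 300),
    (40, "BBBB", "198.51.100.9", 300), (60, "BBBB", "198.51.100.7", 300),
    (0, "CCCC", "203.0.113.5", 700), (80, "CCCC", "203.0.113.6", 700),
]

def ip_history(observations):
    """Map fingerprint -> list of (day, ip, cw) sorted by day."""
    hist = defaultdict(list)
    for day, fp, ip, cw in sorted(observations):
        hist[fp].append((day, ip, cw))
    return hist

def multi_ip_stats(observations):
    """Count fingerprints seen on >1 IP and their share of consensus weight."""
    hist = ip_history(observations)
    last_cw = {fp: rows[-1][2] for fp, rows in hist.items()}
    multi = [fp for fp, rows in hist.items()
             if len({ip for _, ip, _ in rows}) > 1]
    total = sum(last_cw.values())
    return len(multi), sum(last_cw[fp] for fp in multi) / total

def classify(observations, window_days, guard_rotation_days):
    """Hypothetical policy: a relay whose average time between IP changes
    is shorter than the guard rotation interval is used as a middle only."""
    result = {}
    for fp, rows in ip_history(observations).items():
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[1] != b[1])
        # No observed change: treat the interval as unbounded.
        interval = window_days / changes if changes else float("inf")
        result[fp] = ("middle-only" if interval < guard_rotation_days
                      else "guard-eligible")
    return result

if __name__ == "__main__":
    print(multi_ip_stats(OBSERVATIONS))
    print(classify(OBSERVATIONS, window_days=90, guard_rotation_days=60))
```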