[tor-relays] pinning relay keys to IPs (or not)

s7r s7r at sky-ip.org
Sun Jul 26 18:09:13 UTC 2015


Hello Yawning,

We need to confirm this: is a relay holding TLS connections to the
majority of the other relays?

On a relay with over 100 days of uptime (middle relay) Stable, HSDir,
etc., I have (# netstat -a | wc -l) 1942 connections. Another one, with
less uptime, just has 548 connections. These relays have a small
consensus weight. A guard with good consensus weight has many more,
but anyway under the ~6400 (total number of relays in the consensus).


On 7/26/2015 7:48 PM, Yawning Angel wrote:
> On Sun, 26 Jul 2015 16:11:56 +0200 nusenu <nusenu at openmailbox.org>
> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>> 
>> [split from 'Giving away some "pre-warmed" relay keys for
>> adoption']
> 
> Ok.
> 
>>> I'm of the opinion that it may be worth adding code to pin
>>> relay identities to IP addresses on the DirAuth side so that
>>> consensus weight and flag assignment gets totally reset if the
>>> ORPort IP changes, but if there's too much churn already it may
>>> cause more trouble than it's worth.
>> 
>> I hope such code will not be added, because it renders relays on 
>> dynamic IPs basically useless. In the past ~week only there were
>> >1000 fingerprints (<3% cw fraction) using more than one IP
>> address (in that timeframe)
> 
> Hey neat, numbers, thanks. <3% cw doesn't seem that bad.
> 
> I will reiterate that such a thing only will become viable once
> the bandwidth measurement stuff sees massive improvement (and it is
> being worked on), so this isn't a short term thing, and is just an
> idea.
> 
> I question the usefulness of most of the relays running on
> residential lines in the first place for other reasons (Eg: most
> consumer routers are crap, and will probably not be able to
> simultaneously maintain a connection to every single other relay +
> bridge, which is rather unhealthy to the network overall.  Being
> able to measure this and delist/reduce consensus weight here would
> be good as well.).
> 
> If the relay's IP is constantly changing significantly faster than
> the Guard rotation interval (needs more numbers here), I'm not sure
> if they make great Guards, but this is an arma/asn type question
> since they think more about Guards than I do.
> 
> Under a Tor that has the sort of pinning behavior I envision, a
> relay that changes an IP once in a blue moon still remains useful,
> a relay that changes an IP frequently (for some definition of
> frequently) will be used as a middle only (which is still useful).
> 
> Regards,
> 
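
The churn figure quoted in the thread (fingerprints seen on more than one IP, and their share of consensus weight) can be recomputed from archived consensus documents. The following is an added example, not part of the original message or of Tor's code; it assumes full (non-microdesc) consensus "r" and "w" lines, takes each relay's weight from its last appearance, and runs on constructed sample data.

```python
from collections import defaultdict

# Constructed sample: two trimmed consensus snapshots. Nicknames, identities,
# digests and addresses (documentation ranges) are made up for illustration.
SNAPSHOTS = [
    "r relayA idA digA1 2015-07-20 10:00:00 192.0.2.10 9001 0\n"
    "s Fast Running Stable Valid\nw Bandwidth=900\n"
    "r relayB idB digB1 2015-07-20 10:05:00 198.51.100.5 443 0\n"
    "s Running Valid\nw Bandwidth=50\n"
    "r relayC idC digC1 2015-07-20 10:07:00 203.0.113.9 9001 9030\n"
    "s Running Valid\nw Bandwidth=70\n",
    "r relayA idA digA2 2015-07-25 10:00:00 192.0.2.10 9001 0\n"
    "s Fast Running Stable Valid\nw Bandwidth=900\n"
    "r relayB idB digB2 2015-07-25 09:00:00 198.51.100.77 443 0\n"
    "s Running Valid\nw Bandwidth=30\n"
    "r relayC idC digC2 2015-07-25 10:07:00 203.0.113.9 9001 9030\n"
    "s Running Valid\nw Bandwidth=70\n",
]

def multi_ip_report(snapshots):
    """Return (identities seen on more than one IP, their weight fraction)."""
    ips = defaultdict(set)  # identity -> set of ORPort IPs observed
    weight = {}             # identity -> last seen "w Bandwidth=" value
    for doc in snapshots:
        current = None
        for line in doc.splitlines():
            f = line.split()
            if not f:
                continue
            # "r" nickname identity digest date time IP ORPort DirPort
            if f[0] == "r" and len(f) >= 9:
                current = f[2]
                ips[current].add(f[6])
            elif f[0] == "w" and current is not None:
                for kv in f[1:]:
                    key, _, val = kv.partition("=")
                    if key == "Bandwidth" and val.isdigit():
                        weight[current] = int(val)
    total = sum(weight.values())
    movers = sorted(i for i, seen in ips.items() if len(seen) > 1)
    moved = sum(weight.get(i, 0) for i in movers)
    return movers, (moved / total if total else 0.0)

if __name__ == "__main__":
    movers, fraction = multi_ip_report(SNAPSHOTS)
    print(f"{len(movers)} identities changed IP, {fraction:.1%} of weight")
```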
