[tor-relays] Mexico ISP blocking authority nodes and preventing exit relays.

Tim Wilson-Brown - teor teor2345 at gmail.com
Thu Feb 18 11:24:00 UTC 2016

> On 18 Feb 2016, at 22:16, Mirimir <mirimir at riseup.net> wrote:
> On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
>>> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez <rjmalagon at gmail.com> wrote:
>>> I don't know how and why, but since January is impossible to have an exit relay in Telmex ISP.
>>> And is harder to reach authority nodes.
>>> Someone wrote about this, but is mid February and is the same.
>>> Tor 2.8 alpha works pretty good with the authority fallback measures, but I can't implement the exit relay or publish the relay.
>> Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned.
>> But it only works for clients.
>> Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
> Could relays somehow use bridges for that?

Relays could upload their descriptors to the authorities over 3-hop tor circuits, like hidden services do to hidden service directories.

But that doesn't solve the core issue: Tor assumes all relays can connect to every other relay. If a relay can't reach the authorities, then that's 9 relays it can't reach, and it's likely that other relays are also blocked.

We would need to answer the following questions before we allowed relays that can't reach the authorities to bootstrap:
* how many other relays can each Tor relay reach at the moment?
* what's the minimum number of relays each relay should be able to reach to be useful?
* how can we check if a relay can reach that many relays?
* should the relay do the check itself before it submits its descriptor, or should the authorities or bandwidth authorities do the check?

This requires some research and security analysis.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160218/8799c225/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160218/8799c225/attachment.sig>

More information about the tor-relays mailing list