[tor-relays] Some Dir Authorities blocked

Scott Bennett bennett at sdf.org
Sun Sep 17 13:13:43 UTC 2017


Roger Dingledine <arma at mit.edu> wrote:

> On Sat, Sep 16, 2017 at 11:44:41PM +0000, dawuud wrote:
> > > Your only option would be to ask your ISP to uncensor the internet,
> > > unfortunately. Tor requires that all relays are able to contact all
> > > other relays, and those which cannot participate in the network.
> > 
> > I think you meant to say:
> > "Tor requires that all relays are able to contact all directory authorities"
>
> Actually, no, we want it to be the case that all relays can reach all

     That does not contradict what dawuud wrote, as can be clearly seen.
What you want and what tor currently requires are not the same thing at all.

> relays. The less true that becomes -- that is, the less clique-like
> the network topology becomes -- the more complicated the anonymity
> measurements become, and that is potentially quite bad.

     That is why OutboundBindAddress values need to be published somewhere.
Those of us who use packet filters in defense of our systems and/or our LANs
can allow connections to our relays' ORPorts from otherwise blocked addresses
if we know which of those blocked addresses have tor relays that may be trying
to connect.  Without that information, the only way you will ever get what you
want is by turning away volunteers.
     Roger, you may recall our earlier discussion about this subject on this
list.  Since that time, I have used the information you provided then to
automate the inclusion of the exit relay address list, and I have spot checked
some of those addresses to make sure they were indeed landing in the TorRelays
table used by my pf rules.  I have not been able to tell whether or how much
the exemption of exit addresses that were not published by the relays
themselves has improved anything, but the change was made.  If you could get
tor to publish any otherwise unpublished addresses it uses to make outbound
connections to other relays somewhere, those of us using packet filters could
include the rest of the missing addresses in aid of the connectivity you want.
One possible place to publish them might be the extra-info documents, which
would avoid any alteration of the directory entry format.  We relay operators
could then use DownloadExtraInfo to get those documents, from which we could
extract the OutboundBindAddress values and merge them in with what we already
compile.  However, the network load involved in downloading extra-info for all
relays on a frequent basis could be avoided if that processing were done on a
tor project machine and the address list posted on the project web site as is
currently done for the exit relay list.
     However you decide the addresses should be made available, it must be
included in any effort to make possible the full connectivity you envision.
>
> > Tor certainly does NOT require all relays can contact all relays.  In
> > fact, the network is *very* partitioned... but as of the past few
> > months I haven't put any energy into proving this; although I do have
> > some mostly finished twisted python code to make all two hop tor
> > circuits and records circuit build failures and circuit build timeouts.
>
> This is a great research area that it would be good to see some
> attention for.
>
> In particular, if there are specific relays that are doing especially
> poorly for connectivity, we should work with them to try to get them to
> fix it, and if it's unfixable, downgrade their weights and/or boot them
> from the network.

     1) It's not necessarily a relay operator's fault.
     2) At least one problem can be fixed by supplying the missing data, as
        described above.
>
> See also
> https://trac.torproject.org/projects/tor/ticket/12131
> ("Measure connectivity patterns between relays")
> and
> https://trac.torproject.org/projects/tor/ticket/19068
> ("Write and run a clique reachability test")


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
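
The exit-list-to-pf-table step described in the message above, as an added example that is not part of the original post. It assumes the exit relay list is in the TorDNSEL "exit-addresses" layout; the function names and the /etc/pf.torrelays path are hypothetical, and only the TorRelays table name comes from the message.

```shell
# Added example. Assumption: input uses the TorDNSEL "exit-addresses"
# layout, one "ExitAddress <IPv4> <date> <time>" line per observed address.

# Read the list on stdin; print validated, de-duplicated IPv4 addresses.
extract_exit_addresses() {
    awk '
        $1 == "ExitAddress" && NF >= 2 {
            n = split($2, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            }
            if (ok) { print $2 }
            else { print "skipped malformed entry: " $2 > "/dev/stderr" }
        }
    ' | sort -u
}

# Merge the exit list (stdin) with a locally kept list (one address per
# line, "#" comments allowed) and write a file pfctl can load, e.g.
#   pfctl -t TorRelays -T replace -f /etc/pf.torrelays   (hypothetical path)
build_table_file() {   # usage: build_table_file <local_list> <out_file>
    local_list=$1 out=$2
    tmp=$(mktemp) || return 1
    {
        extract_exit_addresses
        [ -r "$local_list" ] &&
            sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$local_list"
    } | sort -u > "$tmp"
    # Refuse to replace the table with an empty set (e.g. a failed download).
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"; echo "no addresses; keeping existing table" >&2; return 1
    fi
    mv "$tmp" "$out"
}

# Constructed sample input (documentation addresses, not real relays).
sample_exit_list() {
cat <<'EOF'
ExitNode 0000000000000000000000000000000000000000
Published 2017-09-16 10:00:00
ExitAddress 192.0.2.10 2017-09-16 11:05:00
ExitAddress 198.51.100.7 2017-09-16 11:06:00
ExitNode 1111111111111111111111111111111111111111
ExitAddress 192.0.2.10 2017-09-16 12:00:00
ExitAddress 999.1.1.1 2017-09-16 12:00:00
EOF
}
```

Any further addresses that become available, such as the unpublished outbound addresses the message asks for, would go in the local list file and be merged by the same step.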

