[tor-relays] Why does it take 4 days to get the HSDir flag back?

Roger Dingledine arma at torproject.org
Sat May 23 09:40:02 UTC 2020


On Thu, May 21, 2020 at 08:03:03PM +0200, tschador at posteo.de wrote:
> after an update of tor it always takes about 4 days to get the HSDir flag
> back while the other flags are set very quickly. What is the reason for
> this delay?

It's because the directory authorities are configured to wait that long
before assigning the flag.

See the MinUptimeHidServDirectoryV2 option:
https://gitweb.torproject.org/tor.git/tree/src/feature/dirauth/dirauth_options.inc?h=tor-0.4.3.5#n55

It used to be 25 hours, long ago, with the reasoning that if a relay
hasn't been up for a day, then it's too likely to go away again soon,
and this churn causes reliability problems in reaching onion services.

We changed it to 96 hours in late 2014, when we saw a Sybil attack (many
new relays suddenly appearing) and realized that while they wouldn't
become Guards for a while, they would become HSDirs quite quickly, and
maybe we want to give ourselves a few more days after new relays appear
before they get to become HSDirs.

And here are two tickets on doing even more to make it hard for jerks
to sign up relays with the goal of cheaply getting the HSDir flag:
https://bugs.torproject.org/16538
and
https://bugs.torproject.org/19162

And of course the long term fix is to drop the deprecated v2 onion
service design, since the v3 onion service design is much better at
limiting what an HSDir relay can learn about onion services:
https://www.youtube.com/watch?v=Di7qAVidy1Y

Hope this helps,
--Roger


