Servers and the "Named" flag (was Re: time needed to register a serve)

Paul Syverson syverson at itd.nrl.navy.mil
Mon Sep 24 13:56:27 UTC 2007


On Sun, Sep 23, 2007 at 04:37:27PM -0400, Roger Dingledine wrote:
> 
> Once upon a time (2003 era), you needed to be manually approved or you
> wouldn't be able to join the network. The primary reason was that we
> needed to verify that your server was reachable, working, etc. Then
> we got more than a dozen servers, including servers run by people we
> didn't know, and we automated the process of testing reachability at the
> directory authorities. Then we started to allow unnamed servers to join
> the network and play pretty much the same role.
> 

Not that it matters much for present purposes, but I would say that
these primary reasons were actually clear ancillary benefits that grew
to be the important reasons. The original motivation for putting this
man-in-the-loop element in there by design was a kluge to have a
simple if weak check on the number of servers run by a single
authority rather than to make sure servers were up and running
properly (which was an issue whether you were known or not). In
practice this started as Roger-has-to-know-you-out-of-band.  

Once we were pleased to scale beyond that being feasible, we (i.e.,
Roger) were still manually deciding whether to take a server into the
network, so could avoid or manage-as-it-arose multiple servers
obviously controlled by the same person, and we could have warm
fuzzies that we made it at least a bit more work if someone wanted to
do this non-obviously.  Throughout this process, even when everyone
was known, there were still interactions of the
we-don't-seem-to-be-able-to-reach-you or
we-don't-seem-to-be-able-to-make-circuits-through-you type.  But, as
the authorization aspect came to be less manageable and wasn't a
functional issue, it ceased being something that was addressed at all
in joining the network. 

I think even before Weasel took over this job from Roger it had
entirely moved to an issue of functionality rather than preserving
anonymity that was being addressed by having registration.  As scaling
continued, whether for server reachability/functioning or for
authorization of who could join what to the network, this moved beyond
what Weasel or anyone could feasibly manage in this way. We ultimately
arrived at the current situation.

The automation and usability of configuration continues to improve
steadily (if much too slowly for the impatient).  Managing who is in
the network and/or their control of path endpoints is something that
remains much trickier since the nature of the network is itself
evolving. And what is theoretically justified, practical, and doesn't
break some other aspect is itself very murky and the subject of
ongoing research.

aloha,
Paul



More information about the tor-talk mailing list