On 4/17/15, Peter Palfrader <weasel@torproject.org> wrote:
> On Fri, 17 Apr 2015, Jacob Appelbaum wrote:
>> On 4/17/15, Peter Palfrader <weasel@torproject.org> wrote:
>>> So, Tor has included a feature to fetch the initial consensus from nodes other than the authorities for a while now. We just haven't shipped a list of alternate locations for clients to go to yet.
>>>
>>> A reason why we might want to ship tor with a list of additional places where clients can find the consensus is that it makes authority reachability and BW less important.
>>>
>>> At the last Tor dev meeting we came up with a list of arbitrary requirements that nodes should meet to be included in this list.
>>>
>>> We want them to have been around and using their current key, address, and port for a while now (120 days), and have been running, a guard, and a v2 directory mirror for most of that time.
>>
>> Is there a way to make the Tor Dir Auths produce that file as a verifiable consensus every hour? Or is there a way to make the client set that list of constraints and then we can just use a normal consensus file?
>
> I think this list would be created at release time and ship with the tor binaries/source.

That gives a build person a lot of power - should we expect each distro to do it correctly? I trust that you will do a fine job but I'm not sure about others...

It gives an attacker an opportunity to segment or partition a view of the network, I think. If the document is a strict signed subset produced by the current Dir Auths, I think we'd not have that concern.

All the best, Jake
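
As an added illustration (not part of the original message and not Tor project code), the sketch below applies the selection criteria quoted above to a constructed per-day relay history, and checks a shipped list against the relays of a consensus the caller has already verified. The 90% reading of "most of that time", the record layout, the placeholder fingerprints and all function names are assumptions.

```python
from datetime import date, timedelta

REQUIRED_FLAGS = {"Running", "Guard", "V2Dir"}

def eligible_fallbacks(history, today, min_days=120, min_fraction=0.9):
    """history: {fingerprint: [(day, addr, port, flags), ...]}, one record per day seen.
    min_fraction is an assumed reading of "most of that time"."""
    window_start = today - timedelta(days=min_days)
    chosen = []
    for fp, obs in history.items():
        obs = sorted(obs, key=lambda o: o[0])
        if not obs or obs[0][0] > window_start or obs[-1][0] != today:
            continue  # key not seen for the whole window, or relay absent today
        recent = [o for o in obs if o[0] >= window_start]
        current = recent[-1][1:3]
        if any(o[1:3] != current for o in recent):
            continue  # address or port changed inside the window
        good = sum(1 for o in recent if REQUIRED_FLAGS <= o[3])
        # Days with no record count against the relay.
        if good / (min_days + 1) >= min_fraction:
            chosen.append(fp)
    return sorted(chosen)

def missing_from_consensus(shipped, consensus_fingerprints):
    """Shipped entries absent from a consensus the caller has already verified."""
    return sorted(set(shipped) - set(consensus_fingerprints))

def sample_history(today):
    """Constructed data: placeholder fingerprints, documentation address."""
    full = {"Running", "Guard", "V2Dir"}
    def run(days, port_for=lambda d: 9030, flags_for=lambda d: full):
        return [(today - timedelta(days=d), "192.0.2.1", port_for(d), flags_for(d))
                for d in range(days, -1, -1)]
    return {
        "AAAA": run(200),
        "BBBB": run(200, port_for=lambda d: 9030 if d > 30 else 80),
        "CCCC": run(60),
        "DDDD": run(200, flags_for=lambda d: full if d > 40 else {"Running"}),
        "EEEE": run(200, flags_for=lambda d: full if d >= 5 else {"Running"}),
    }

if __name__ == "__main__":
    today = date(2015, 4, 17)
    history = sample_history(today)
    print("eligible:", eligible_fallbacks(history, today))
    print("not in consensus:", missing_from_consensus(["AAAA", "ZZZZ"], history))
```

Signature verification of the consensus is outside this sketch; a non-empty result from `missing_from_consensus` means the shipped list is not a subset of what the authorities currently vouch for.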