I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
> I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
> > I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
> Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
> Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
Could relays somehow use bridges for that?
> Tim
> Tim Wilson-Brown (teor)
> teor2345 at gmail dot com PGP 968F094B
> teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 18 Feb 2016, at 22:16, Mirimir mirimir@riseup.net wrote:
> On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
> > On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
> > > I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
> > Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
> > Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
> Could relays somehow use bridges for that?
Relays could upload their descriptors to the authorities over 3-hop tor circuits, like hidden services do to hidden service directories.
But that doesn't solve the core issue: Tor assumes all relays can connect to every other relay. If a relay can't reach the authorities, then that's 9 relays it can't reach, and it's likely that other relays are also blocked.
We would need to answer the following questions before we allowed relays that can't reach the authorities to bootstrap:
- how many other relays can each Tor relay reach at the moment?
- what's the minimum number of relays each relay should be able to reach to be useful?
- how can we check if a relay can reach that many relays?
- should the relay do the check itself before it submits its descriptor, or should the authorities or bandwidth authorities do the check?
This requires some research and security analysis.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 02/18/2016 04:24 AM, Tim Wilson-Brown - teor wrote:
> On 18 Feb 2016, at 22:16, Mirimir mirimir@riseup.net wrote:
> > On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote:
> > > On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
> > > > I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
> > > Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
> > > Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
> > Could relays somehow use bridges for that?
> Relays could upload their descriptors to the authorities over 3-hop tor circuits, like hidden services do to hidden service directories.
> But that doesn't solve the core issue: Tor assumes all relays can connect to every other relay. If a relay can't reach the authorities, then that's 9 relays it can't reach, and it's likely that other relays are also blocked.
Doh. And any network that blocked access to authorities could block access to all Tor relays.
> We would need to answer the following questions before we allowed relays that can't reach the authorities to bootstrap:
> - how many other relays can each Tor relay reach at the moment?
> - what's the minimum number of relays each relay should be able to reach to be useful?
> - how can we check if a relay can reach that many relays?
> - should the relay do the check itself before it submits its descriptor, or should the authorities or bandwidth authorities do the check?
> This requires some research and security analysis.
Right. A relay that needs a bridge to reach other relays is relatively useless. And can perhaps hide malicious activity more easily too.
> Tim
> Tim Wilson-Brown (teor)
> teor2345 at gmail dot com PGP 968F094B
> teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
I suspect that Telmex ISP, Mexico's biggest by far, found a very surgical way to prevent relays. Atlas only shows a small group of Mexican relays, all of them in other ISPs.
The Tor client (and I2P) works well, and the hidden services too. Pluggable transports and/or the Tor alpha make it easy to bypass this little nuance.
Usually Telmex ISP does not implement any kind of wide censorship; it is generally pretty open. I think this is a very smart attack on Tor infrastructure: it does not prevent Tor in general, but almost all the exit traffic will go outside the country, and little traffic will mix between Mexican Tor clients that choose to have a relay.
For me, I will try to make stone arguments for a little David/Goliath action, because Telmex works like "that is not a problem if others are not complaining", "Facebook is working, right?"
On Thu, Feb 18, 2016 at 4:47 AM, Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:
> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez rjmalagon@gmail.com wrote:
> > I don't know how and why, but since January it is impossible to have an exit relay in Telmex ISP. And it is harder to reach authority nodes. Someone wrote about this, but it is mid-February and it is the same. Tor 2.8 alpha works pretty well with the authority fallback measures, but I can't implement the exit relay or publish the relay.
> Thanks for the feedback about the fallback directory mirrors feature - I am glad to hear that it's working as planned. But it only works for clients.
> Relays need to be able to post their descriptors to the authorities. So they have to be able to reach at least one authority - they can't use only fallback directory mirrors.
> Tim
> Tim Wilson-Brown (teor)
> teor2345 at gmail dot com PGP 968F094B
> teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F