[tor-bugs] #6790 [Tor Directory Authority]: Directory mirrors should accept, aggregate and hand off descriptors to dirauths
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Sep 7 19:58:59 UTC 2012
#6790: Directory mirrors should accept, aggregate and hand off descriptors to
dirauths
-------------------------------------+--------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Directory Authority | Version:
Keywords: | Parent: #2664
Points: | Actualpoints:
-------------------------------------+--------------------------------------
Comment(by mikeperry):
Other thoughts: The aggreation/de-dupping step should also include the
usual orport tests done by the dirauths themselves, to reduce the burden
on the dirauths.
The other reason to prefer a push method is that we could simply re-use
the dirauth code that accepts descriptors currently, but relax it to allow
descriptors to come from any valid dir mirror currently listed in the
consensus.
If misbehaving dir mirrors begin participating in the DoS by submitting
unreachable or otherwise bogus unverified descriptors, they could be added
to the firewall or to de-listed in approved-routers in an ad-hoc fashion
by the dirauth operator.
It may also be the case that this would also allow misbehaving dir mirrors
to induce a form of portscan bounce through the dirauths by spoofing
descriptors, but the existing two-descriptor-per-IP limits should mitigate
that, I think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6790#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list