[tor-commits] [torspec/master] Noting maximum number of fingerprints/hashes that can be queried
nickm at torproject.org
nickm at torproject.org
Wed Jul 17 16:50:33 UTC 2013
commit 521858515c32e8bfa6baa31381e5dcc20dc064f1
Author: Damian Johnson <atagar at torproject.org>
Date: Wed Jul 17 09:17:07 2013 -0700
Noting maximum number of fingerprints/hashes that can be queried
In our tor-dev@ discussion Karsten mentioned that we could request at most 96
descriptors at a time when polling by their fingerprints...
https://lists.torproject.org/pipermail/tor-dev/2013-June/005005.html
This is a hardcoded limit in tor, so noting it in our spec...
https://gitweb.torproject.org/tor.git/blob/HEAD:/src/or/routerlist.c#l4435
---
dir-spec.txt | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/dir-spec.txt b/dir-spec.txt
index dd25bfb..b6f3d84 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -2504,6 +2504,9 @@
they're about to serve match the right hashes (either the hashes from
the fetch URL or the hashes from the consensus, respectively).
+ (NOTE: Due to squid proxy url limitations at most 92 microdescrriptor hashes
+ can be retrieved in a single request.)
+
4.6. Downloading and storing extra-info documents
All authorities, and any cache that chooses to cache extra-info documents,
@@ -2530,6 +2533,9 @@
Starting with Tor version 0.2.1.1-alpha is also available at:
http://<hostname>/tor/status-vote/current/consensus/<F1>+<F2>+<F3>.z
+ (NOTE: Due to squid proxy url limitations at most 96 fingerprints can be
+ retrieved in a single request.)
+
Where F1, F2, etc. are authority identity fingerprints the client trusts.
Servers will only return a consensus if more than half of the requested
authorities have signed the document, otherwise a 404 error will be sent
@@ -2577,7 +2583,10 @@
<F1>,<F2>,<F3> should be available at:
http://<hostname>/tor/server/fp/<F1>+<F2>+<F3>.z
- (NOTE: Implementations SHOULD NOT download descriptors by identity key
+ (NOTE: Due to squid proxy url limitations at most 96 fingerprints can be
+ retrieved in a single request.
+
+ Implementations SHOULD NOT download descriptors by identity key
fingerprint. This allows a corrupted server (in collusion with a cache) to
provide a unique descriptor to a client, and thereby partition that client
from the rest of the network.)
More information about the tor-commits
mailing list