Opened 8 years ago

Closed 4 years ago

#4537 closed defect (fixed)

Make tor26 not v1 dir auth anymore?

Reported by: arma
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-auth
Cc: weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

tor26 is getting clobbered by, among other things, the fact that it's the lone last v1 dir auth.

I think that means clients of certain versions (which ones?) still publish their v0 hidden service descriptor to it, and still try to fetch a v0 hidserv desc from it. Including all the circuit extends involved in doing those fetches privately.

We should discourage people from using it as a v1 authority, or a v0 hidserv authority.

We could take the 'v1' out of its stanza in config.c, in 0.2.2 and 0.2.3. But, would that do much good?

Change History (9)

comment:1 in reply to:  description Changed 8 years ago by troll_un

Replying to arma:

> We could take the 'v1' out of its stanza in config.c, in 0.2.2 and 0.2.3. But, would that do much good?

Only if you move the auth to a new addr too, so old clients couldn't find it and use it.

comment:2 Changed 8 years ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 8 years ago by Sebastian

Cc: weasel added

New evidence makes me think this is even more of a good idea. Weasel had these kinds of stats for the questions that people ask tor26:

nova:/var/log/tor# sed < rewrite.log -e 's#^[^/]*/#/#; s#[^/]*$##; s#/tor/micro/d/.*#/tor/micro/d/#' | sort | uniq -c | sort -n
      2 /tor/status-vote/next/
      8 /tor/status-vote/current/d/
     14 /tor/post/
     28 /tor/status-vote/current/consensus-microdesc/
     41 /tor/rendezvous2/
     74 /tor/micro/d/
    213 /tor/keys/
    356 /tor/extra/d/
    378 /tor/server/
    505 /tor/status-vote/current/consensus/
    735 /tor/status-vote/current/
    856 /tor/status/
    872 /tor/keys/fp/
   2455 /tor/server/d/
  10989 /tor/
  65071 /tor/status/fp/
 908045 /tor/rendezvous/

Some first ideas were to make tor26 disappear from the consensus (for a while (to see what happens)), and everything lined out in the ticket here.

comment:4 in reply to: description Changed 8 years ago by rransom

Replying to arma:

> tor26 is getting clobbered by, among other things, the fact that it's the lone last v1 dir auth.
>
> I think that means clients of certain versions (which ones?) still publish their v0 hidden service descriptor to it, and still try to fetch a v0 hidserv desc from it. Including all the circuit extends involved in doing those fetches privately.

This is the reason tor26 is getting pounded. The fact that it is also a v1 directory authority is not relevant.

Only Tor 0.2.1.x and earlier still use the v0 hidden service directory protocol; Tor 0.2.1.x stable versions also try to use the v2 HS directory protocol, so breaking their v0 HS directory support shouldn't hurt them. Unfortunately, if we want to make clients stop extending circuits to tor26 in order to use it as a v0 HS authority, we will need to change tor26's v3 long-term identity key (so that clients will not be able to extend circuits over existing links to tor26).

> We could take the 'v1' out of its stanza in config.c, in 0.2.2 and 0.2.3. But, would that do much good?

None at all.

comment:5 in reply to:  4 Changed 8 years ago by Sebastian

Replying to rransom:

> Only Tor 0.2.1.x and earlier still use the v0 hidden service directory protocol; Tor 0.2.1.x stable versions also try to use the v2 HS directory protocol, so breaking their v0 HS directory support shouldn't hurt them. Unfortunately, if we want to make clients stop extending circuits to tor26 in order to use it as a v0 HS authority, we will need to change tor26's v3 long-term identity key (so that clients will not be able to extend circuits over existing links to tor26).

And if we do that, old clients will still forever mob us to get the key they want, I assume. Fun

comment:6 Changed 7 years ago by nickm

Keywords: tor-auth added

comment:7 Changed 7 years ago by nickm

Component: Tor Directory Authority → Tor

comment:8 Changed 5 years ago by arma

Is this one done?

comment:9 Changed 4 years ago by weasel

Resolution: fixed
Status: new → closed