158-microdescriptors.txt 8.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
  1. Filename: 158-microdescriptors.txt
  2. Title: Clients download consensus + microdescriptors
  3. Author: Roger Dingledine
  4. Created: 17-Jan-2009
  5. Status: Open
  6. 0. History
  7. 15 May 2009: Substantially revised based on discussions on or-dev
  8. from late January. Removed the notion of voting on how to choose
  9. microdescriptors; made it just a function of the consensus method.
  10. (This lets us avoid the possibility of "desynchronization.")
  11. Added suggestion to use a new consensus flavor. Specified use of
  12. SHA256 for new hashes. -nickm
  13. 15 June 2009: Cleaned up based on comments from Roger. -nickm
  14. 1. Overview
  15. This proposal replaces section 3.2 of proposal 141, which was
  16. called "Fetching descriptors on demand". Rather than modifying the
  17. circuit-building protocol to fetch a server descriptor inline at each
  18. circuit extend, we instead put all of the information that clients need
  19. either into the consensus itself, or into a new set of data about each
  20. relay called a microdescriptor.
  21. Descriptor elements that are small and frequently changing should go
  22. in the consensus itself, and descriptor elements that are small and
  23. relatively static should go in the microdescriptor. If we ever end up
  24. with descriptor elements that aren't small yet clients need to know
  25. them, we'll need to resume considering some design like the one in
  26. proposal 141.
  27. Note also that any descriptor element which clients need to use to
  28. decide which servers to fetch info about, or which servers to fetch
  29. info from, needs to stay in the consensus.
  30. 2. Motivation
  31. See
  32. http://archives.seul.org/or/dev/Nov-2008/msg00000.html and
  33. http://archives.seul.org/or/dev/Nov-2008/msg00001.html and especially
  34. http://archives.seul.org/or/dev/Nov-2008/msg00007.html
  35. for a discussion of the options and why this is currently the best
  36. approach.
  37. 3. Design
  38. There are three pieces to the proposal. First, authorities will list in
  39. their votes (and thus in the consensus) the expected hash of
  40. microdescriptor for each relay. Second, authorities will serve
  41. microdescriptors, directory mirrors will cache and serve
  42. them. Third, clients will ask for them and cache them.
  43. 3.1. Consensus changes
  44. If the authorities choose a consensus method of a given version or
  45. later, a microdescriptor format is implicit in that version.
  46. A microdescriptor should in every case be a pure function of the
  47. router descriptor and the consensus method.
  48. In votes, we need to include the hash of each expected microdescriptor
  49. in the routerstatus section. I suggest a new "m" line for each stanza,
  50. with the base64 of the SHA256 hash of the router's microdescriptor.
  51. For every consensus method that an authority supports, it includes a
  52. separate "m" line in each router section of its vote, containing:
  53. "m" SP methods 1*(SP AlgorithmName "=" digest) NL
  54. where methods is a comma-separated list of the consensus methods
  55. that the authority believes will produce "digest".
  56. (As with base64 encoding of SHA1 hashes in consensuses, let's
  57. omit the trailing =s)
  58. The consensus microdescriptor-elements and "m" lines are then computed
  59. as described in Section 3.1.2 below.
  60. (This means we need a new consensus-method that knows
  61. how to compute the microdescriptor-elements and add "m" lines.)
  62. The microdescriptor consensus uses the directory-signature format from
  63. proposal 162, with the "sha256" algorithm.
  64. 3.1.1. Descriptor elements to include for now
  65. In the first version, the microdescriptor should contain the
  66. onion-key element, and the family element from the router descriptor,
  67. and the exit policy summary as currently specified in dir-spec.txt.
  68. 3.1.2. Computing consensus for microdescriptor-elements and "m" lines
  69. When we are generating a consensus, we use whichever m line
  70. unambiguously corresponds to the descriptor digest that will be
  71. included in the consensus.
  72. (If different votes have different microdescriptor digests for a
  73. single <descriptor-digest, consensus-method> pair, then at least one
  74. of the authorities is broken. If this happens, the consensus should
  75. contain whichever microdescriptor digest is most common. If there is
  76. no winner, we break ties in the favor of the lexically earliest.
  77. Either way, we should log a warning: there is definitely a bug.)
  78. The "m" lines in a consensus contain only the digest, not a list of
  79. consensus methods.
  80. 3.1.3. A new flavor of consensus
  81. Rather than inserting "m" lines in the current consensus format,
  82. they should be included in a new consensus flavor (see proposal
  83. 162).
  84. This flavor can safely omit descriptor digests.
  85. When we implement this voting method, we can remove the exit policy
  86. summary from the current "ns" flavor of consensus, since no current
  87. clients use them, and they take up about 5% of the compressed
  88. consensus.
  89. This new consensus flavor should be signed with the sha256 signature
  90. format as documented in proposal 162.
  91. 3.2. Directory mirrors fetch, cache, and serve microdescriptors
  92. Directory mirrors should fetch, catch, and serve each microdescriptor
  93. from the authorities. (They need to continue to serve normal relay
  94. descriptors too, to handle old clients.)
  95. The microdescriptors with base64 hashes <D1>,<D2>,<D3> should be
  96. available at:
  97. http://<hostname>/tor/micro/d/<D1>-<D2>-<D3>.z
  98. (We use base64 for size and for consistency with the consensus
  99. format. We use -s instead of +s to separate these items, since
  100. the + character is used in base64 encoding.)
  101. All the microdescriptors from the current consensus should also be
  102. available at:
  103. http://<hostname>/tor/micro/all.z
  104. so a client that's bootstrapping doesn't need to send a 70KB URL just
  105. to name every microdescriptor it's looking for.
  106. Microdescriptors have no header or footer.
  107. The hash of the microdescriptor is simply the hash of the concatenated
  108. elements.
  109. Directory mirrors should check to make sure that the microdescriptors
  110. they're about to serve match the right hashes (either the hashes from
  111. the fetch URL or the hashes from the consensus, respectively).
  112. We will probably want to consider some sort of smart data structure to
  113. be able to quickly convert microdescriptor hashes into the appropriate
  114. microdescriptor. Clients will want this anyway when they load their
  115. microdescriptor cache and want to match it up with the consensus to
  116. see what's missing.
  117. 3.3. Clients fetch them and cache them
  118. When a client gets a new consensus, it looks to see if there are any
  119. microdescriptors it needs to learn. If it needs to learn more than
  120. some threshold of the microdescriptors (half?), it requests 'all',
  121. else it requests only the missing ones. Clients MAY try to
  122. determine whether the upload bandwidth for listing the
  123. microdescriptors they want is more or less than the download
  124. bandwidth for the microdescriptors they do not want.
  125. Clients maintain a cache of microdescriptors along with metadata like
  126. when it was last referenced by a consensus, and which identity key
  127. it corresponds to. They keep a microdescriptor
  128. until it hasn't been mentioned in any consensus for a week. Future
  129. clients might cache them for longer or shorter times.
  130. 3.3.1. Information leaks from clients
  131. If a client asks you for a set of microdescs, then you know she didn't
  132. have them cached before. How much does that leak? What about when
  133. we're all using our entry guards as directory guards, and we've seen
  134. that user make a bunch of circuits already?
  135. Fetching "all" when you need at least half is a good first order fix,
  136. but might not be all there is to it.
  137. Another future option would be to fetch some of the microdescriptors
  138. anonymously (via a Tor circuit).
  139. Another crazy option (Roger's phrasing) is to do decoy fetches as
  140. well.
  141. 4. Transition and deployment
  142. Phase one, the directory authorities should start voting on
  143. microdescriptors, and putting them in the consensus.
  144. Phase two, directory mirrors should learn how to serve them, and learn
  145. how to read the consensus to find out what they should be serving.
  146. Phase three, clients should start fetching and caching them instead
  147. of normal descriptors.