104-short-descriptors.txt 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. Filename: 104-short-descriptors.txt
  2. Title: Long and Short Router Descriptors
  3. Author: Nick Mathewson
  4. Created: Jan 2007
  5. Status: Closed
  6. Implemented-In: 0.2.0.x
  7. Overview:
  8. This document proposes moving unused-by-clients information from regular
  9. router descriptors into a new "extra info" router descriptor.
  10. Proposal:
  11. Some of the costliest fields in the current directory protocol are ones
  12. that no client actually uses. In particular, the "read-history" and
  13. "write-history" fields are used only by the authorities for monitoring the
  14. status of the network. If we took them out, the size of a compressed list
  15. of all the routers would fall by about 60%. (No other disposable field
  16. would save much more than 2%.)
  17. We propose to remove these fields from descriptors, and and have them
  18. uploaded as a part of a separate signed "extra info" to the authorities.
  19. This document will be signed. A hash of this document will be included in
  20. the regular descriptors.
  21. (We considered another design, where routers would generate and upload a
  22. short-form and a long-form descriptor. Only the short-form descriptor would
  23. ever be used by anybody for routing. The long-form descriptor would be
  24. used only for analytics and other tools. We decided against this because
  25. well-behaved tools would need to download short-form descriptors too (as
  26. these would be the only ones indexed), and hence get redundant info. Badly
  27. behaved tools would download only long-form descriptors, and expose
  28. themselves to partitioning attacks.)
  29. Other disposable fields:
  30. Clients don't need these fields, but removing them doesn't help bandwidth
  31. enough to be worthwhile.
  32. contact (save about 1%)
  33. fingerprint (save about 3%)
  34. We could represent these fields more succinctly, but removing them would
  35. only save 1%. (!)
  36. reject
  37. accept
  38. (Apparently, exit polices are highly compressible.)
  39. [Does size-on-disk matter to anybody? Some clients and servers don't
  40. have much disk, or have really slow disk (e.g. USB). And we don't
  41. store caches compressed right now. -RD]
  42. Specification:
  43. 1. Extra Info Format.
  44. An "extra info" descriptor contains the following fields:
  45. "extra-info" Nickname Fingerprint
  46. Identifies what router this is an extra info descriptor for.
  47. Fingerprint is encoded in hex (using upper-case letters), with
  48. no spaces.
  49. "published" As currently documented in dir-spec.txt. It MUST match the
  50. "published" field of the descriptor published at the same time.
  51. "read-history"
  52. "write-history"
  53. As currently documented in dir-spec.txt. Optional.
  54. "router-signature" NL Signature NL
  55. A signature of the PKCS1-padded hash of the entire extra info
  56. document, taken from the beginning of the "extra-info" line, through
  57. the newline after the "router-signature" line. An extra info
  58. document is not valid unless the signature is performed with the
  59. identity key whose digest matches FINGERPRINT.
  60. The "extra-info" field is required and MUST appear first. The
  61. router-signature field is required and MUST appear last. All others are
  62. optional. As for other documents, unrecognized fields must be ignored.
  63. 2. Existing formats
  64. Implementations that use "read-history" and "write-history" SHOULD
  65. continue accepting router descriptors that contain them. (Prior to
  66. 0.2.0.x, this information was encoded in ordinary router descriptors;
  67. in any case they have always been listed as opt, so they should be
  68. accepted anyway.)
  69. Add these fields to router descriptors:
  70. "extra-info-digest" Digest
  71. "Digest" is a hex-encoded digest (using upper-case characters)
  72. of the router's extra-info document, as signed in the router's
  73. extra-info. (If this field is absent, no extra-info-digest
  74. exists.)
  75. "caches-extra-info"
  76. Present if this router is a directory cache that provides
  77. extra-info documents, or an authority that handles extra-info
  78. documents.
  79. (Since implementations before 0.1.2.5-alpha required that the "opt"
  80. keyword precede any unrecognized entry, these keys MUST be preceded
  81. with "opt" until 0.1.2.5-alpha is obsolete.)
  82. 3. New communications rules
  83. Servers SHOULD generate and upload one extra-info document after each
  84. descriptor they generate and upload; no more, no less. Servers MUST
  85. upload the new descriptor before they upload the new extra-info.
  86. Authorities receiving an extra-info document SHOULD verify all of the
  87. following:
  88. * They have a router descriptor for some server with a matching
  89. nickname and identity fingerprint.
  90. * That server's identity key has been used to sign the extra-info
  91. document.
  92. * The extra-info-digest field in the router descriptor matches
  93. the digest of the extra-info document.
  94. * The published fields in the two documents match.
  95. Authorities SHOULD drop extra-info documents that do not meet these
  96. criteria.
  97. Extra-info documents MAY be uploaded as part of the same HTTP post as
  98. the router descriptor, or separately. Authorities MUST accept both
  99. methods.
  100. Authorities SHOULD try to fetch extra-info documents from one another if
  101. they do not have one matching the digest declared in a router
  102. descriptor.
  103. Caches that are running locally with a tool that needs to use extra-info
  104. documents MAY download and store extra-info documents. They should do
  105. so when they notice that the recommended descriptor has an
  106. extra-info-digest not matching any extra-info document they currently
  107. have. (Caches not running on a host that needs to use extra-info
  108. documents SHOULD NOT download or cache them.)
  109. 4. New URLs
  110. http://<hostname>/tor/extra/d/...
  111. http://<hostname>/tor/extra/fp/...
  112. http://<hostname>/tor/extra/all[.z]
  113. (As for /tor/server/ URLs: supports fetching extra-info documents
  114. by their digest, by the fingerprint of their servers, or all
  115. at once. When serving by fingerprint, we serve the extra-info
  116. that corresponds to the descriptor we would serve by that
  117. fingerprint. Only directory authorities are guaranteed to support
  118. these URLs.)
  119. http://<hostname>/tor/extra/authority[.z]
  120. (The extra-info document for this router.)
  121. Extra-info documents are uploaded to the same URLs as regular
  122. router descriptors.
  123. Migration:
  124. For extra info approach:
  125. * First:
  126. * Authorities should accept extra info, and support serving it.
  127. * Routers should upload extra info once authorities accept it.
  128. * Caches should support an option to download and cache it, once
  129. authorities serve it.
  130. * Tools should be updated to use locally cached information.
  131. These tools include:
  132. lefkada's exit.py script.
  133. tor26's noreply script and general directory cache.
  134. https://nighteffect.us/tns/ for its graphs
  135. and check with or-talk for the rest, once it's time.
  136. * Set a cutoff time for including bandwidth in router descriptors, so
  137. that tools that use bandwidth info know that they will need to fetch
  138. extra info documents.
  139. * Once tools that want bandwidth info support fetching extra info:
  140. * Have routers stop including bandwidth info in their router
  141. descriptors.