113-fast-authority-interface.txt 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. Filename: 113-fast-authority-interface.txt
  2. Title: Simplifying directory authority administration
  3. Version: $Revision$
  4. Last-Modified: $Date$
  5. Author: Nick Mathewson
  6. Created:
  7. Status: Open
  8. Overview
  9. The problem:
  10. Administering a directory authority is a pain: you need to go through
  11. emails and manually add new nodes as "named". When bad things come up,
  12. you need to mark nodes (or whole regions) as invalid, badexit, etc.
  13. This means that mostly, authority admins don't: only 2/4 current authority
  14. admins actually bind names or list bad exits, and those two have often
  15. complained about how annoying it is to do so.
  16. Worse, name binding is a common path, but it's a pain in the neck: nobody
  17. has done it for a couple of months.
  18. Digression: who knows what?
  19. It's trivial for Tor to automatically keep track of all of the
  20. following information about a server:
  21. name, fingerprint, IP, last-seen time, first-seen time, declared
  22. contact.
  23. All we need to have the administrator set is:
  24. - Is this name/fingerprint pair bound?
  25. - Is this fingerprint/IP a bad exit?
  26. - Is this fingerprint/IP an invalid node?
  27. - Is this fingerprint/IP to be rejected?
  28. The workflow for authority admins has two parts:
  29. - Periodically, go through tor-ops and add new names. This doesn't
  30. need to be done urgently.
  31. - Less often, mark badly behaved serves as badly behaved. This is more
  32. urgent.
  33. Possible solution #1: Web-interface for name binding.
  34. Deprecate use of the tor-ops mailing list; instead, have operators go to a
  35. webform and enter their server info. This would put the information in a
  36. standardized format, thus allowing quick, nearly-automated approval and
  37. reply.
  38. Possible solution #2: Self-binding names.
  39. Peter Palfrader has proposed that names be assigned automatically to nodes
  40. that have been up and running and valid for a while.
  41. Possible solution #3: Self-maintaining approved-routers file
  42. Mixminion alpha has a neat feature where whenever a new server is seen,
  43. a stub line gets added to a configuration file. For Tor, it could look
  44. something like this:
  45. ## First seen with this key on 2007-04-21 13:13:14
  46. ## Stayed up for at least 12 hours on IP 192.168.10.10
  47. #RouterName AAAABBBBCCCCDDDDEFEF
  48. (Note that the implementation needs to parse commented lines to make sure
  49. that it doesn't add duplicates, but that's not so hard.)
  50. To add a router as named, administrators would only need to uncomment the
  51. entry. This automatically maintained file could be kept separately from a
  52. manually maintained one.
  53. This could be combined with solution #2, such that Tor would do the hard
  54. work of uncommenting entries for routers that should get Named, but
  55. operators could override its decisions.
  56. Possible solution #4: A separate mailing list for authority operators.
  57. Right now, the tor-ops list is very high volume. There should be another
  58. list that's only for dealing with problems that need prompt action, like
  59. marking a router as !badexit.