Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d230827912
Branches Tags
tor-parallel...
/
doc
/
spec
/
proposals
/
141-jit-sd-downloads.txt

141-jit-sd-downloads.txt 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323 
  1. Filename: 141-jit-sd-downloads.txt
    2. 

  2. Title: Download server descriptors on demand
    3. 

  3. Author: Peter Palfrader
    4. 

  4. Created: 15-Jun-2008
    5. 

  5. Status: Draft
    6. 

  6. 

  7. 1. Overview
    8. 

  8. 

  9.   Downloading all server descriptors is the most expensive part
    10. 

  10.   of bootstrapping a Tor client.  These server descriptors currently
    11. 

  11.   amount to about 1.5 Megabytes of data, and this size will grow
    12. 

  12.   linearly with network size.
    13. 

  13. 

  14.   Fetching all these server descriptors takes a long while for people
    15. 

  15.   behind slow network connections.  It is also a considerable load on
    16. 

  16.   our network of directory mirrors.
    17. 

  17. 

  18.   This document describes proposed changes to the Tor network and
    19. 

  19.   directory protocol so that clients will no longer need to download
    20. 

  20.   all server descriptors.
    21. 

  21. 

  22.   These changes consist of moving load balancing information into
    23. 

  23.   network status documents, implementing a means to download server
    24. 

  24.   descriptors on demand in an anonymity-preserving way, and dealing
    25. 

  25.   with exit node selection.
    26. 

  26. 

  27. 2. What is in a server descriptor
    28. 

  28. 

  29.   When a Tor client starts the first thing it will try to get is a
    30. 

  30.   current network status document: a consensus signed by a majority
    31. 

  31.   of directory authorities.  This document is currently about 100
    32. 

  32.   Kilobytes in size, tho it will grow linearly with network size.
    33. 

  33.   This document lists all servers currently running on the network.
    34. 

  34.   The Tor client will then try to get a server descriptor for each
    35. 

  35.   of the running servers.  All server descriptors currently amount
    36. 

  36.   to about 1.5 Megabytes of downloads.
    37. 

  37. 

  38.   A Tor client learns several things about a server from its descriptor.
    39. 

  39.   Some of these it already learned from the network status document
    40. 

  40.   published by the authorities, but the server descriptor contains it
    41. 

  41.   again in a single statement signed by the server itself, not just by
    42. 

  42.   the directory authorities.
    43. 

  43. 

  44.   Tor clients use the information from server descriptors for
    45. 

  45.   different purposes, which are considered in the following sections.
    46. 

  46. 

  47.   #three ways:  One, to determine if a server will be able to handle
    48. 

  48.   #this client's request; two, to actually communicate or use the server;
    49. 

  49.   #three, for load balancing decisions.
    50. 

  50.   #
    51. 

  51.   #These three points are considered in the following subsections.
    52. 

  52. 

  53. 2.1 Load balancing
    54. 

  54. 

  55.   The Tor load balancing mechanism is quite complex in its details, but
    56. 

  56.   it has a simple goal: The more traffic a server can handle the more
    57. 

  57.   traffic it should get.  That means the more traffic a server can
    58. 

  58.   handle the more likely a client will use it.
    59. 

  59. 

  60.   For this purpose each server descriptor has bandwidth information
    61. 

  61.   which tries to convey a server's capacity to clients.
    62. 

  62. 

  63.   Currently we weigh servers differently for different purposes.  There
    64. 

  64.   is a weight for when we use a server as a guard node (our entry to the
    65. 

  65.   Tor network), there is one weight we assign servers for exit duties,
    66. 

  66.   and a third for when we need intermediate (middle) nodes.
    67. 

  67. 

  68. 2.2 Exit information
    69. 

  69. 

  70.   When a Tor wants to exit to some resource on the internet it will
    71. 

  71.   build a circuit to an exit node that allows access to that resource's
    72. 

  72.   IP address and TCP Port.
    73. 

  73. 

  74.   When building that circuit the client can make sure that the circuit
    75. 

  75.   ends at a server that will be able to fulfill the request because the
    76. 

  76.   client already learned of all the servers' exit policies from their
    77. 

  77.   descriptors.
    78. 

  78. 

  79. 2.3 Capability information
    80. 

  80. 

  81.   Server descriptors contain information about the specific version of
    82. 

  82.   the Tor protocol they understand [proposal 105].
    83. 

  83. 

  84.   Furthermore the server descriptor also contains the exact version of
    85. 

  85.   the Tor software that the server is running and some decisions are
    86. 

  86.   made based on the server version number (for instance a Tor client
    87. 

  87.   will only make conditional consensus requests [proposal 139] when
    88. 

  88.   talking to Tor servers version 0.2.1.1-alpha or later).
    89. 

  89. 

  90. 2.4 Contact/key information
    91. 

  91. 

  92.   A server descriptor lists a server's IP address and TCP ports on which
    93. 

  93.   it accepts onion and directory connections.  Furthermore it contains
    94. 

  94.   the onion key (a short lived RSA key to which clients encrypt CREATE
    95. 

  95.   cells).
    96. 

  96. 

  97. 2.5 Identity information
    98. 

  98. 

  99.   A Tor client learns the digest of a server's key from the network
    100. 

  100.   status document.  Once it has a server descriptor this descriptor
    101. 

  101.   contains the full RSA identity key of the server.  Clients verify
    102. 

  102.   that 1) the digest of the identity key matches the expected digest
    103. 

  103.   it got from the consensus, and 2) that the signature on the descriptor
    104. 

  104.   from that key is valid.
    105. 

  105. 

  106. 

  107. 3. No longer require clients to have copies of all SDs
    108. 

  108. 

  109. 3.1 Load balancing info in consensus documents
    110. 

  110. 

  111.   One of the reasons why clients download all server descriptors is for
    112. 

  112.   doing load proper load balancing as described in 2.1.  In order for
    113. 

  113.   clients to not require all server descriptors this information will
    114. 

  114.   have to move into the network status document.
    115. 

  115. 

  116.   Consensus documents will have a new line per router similar
    117. 

  117.   to the "r", "s", and "v" lines that already exist.  This line
    118. 

  118.   will convey weight information to clients.
    119. 

  119. 

  120.    "w Bandwidth=193"
    121. 

  121. 

  122.   The bandwidth number is the lesser of observed bandwidth and bandwidth
    123. 

  123.   rate limit from the server descriptor that the "r" line referenced by
    124. 

  124.   digest (1st and 3rd field of the bandwidth line in the descriptor).
    125. 

  125.   It is given in kilobytes per second so the byte value in the
    126. 

  126.   descriptor has to be divided by 1024 (and is then truncated, i.e.
    127. 

  127.   rounded down).
    128. 

  128. 

  129.   Authorities will cap the bandwidth number at some arbitrary value,
    130. 

  130.   currently 10MB/sec.  If a router claims a larger bandwidth an
    131. 

  131.   authority's vote will still only show Bandwidth=10240.
    132. 

  132. 

  133.   The consensus value for bandwidth is the median of all bandwidth
    134. 

  134.   numbers given in votes.  In case of an even number of votes we use
    135. 

  135.   the lower median.  (Using this procedure allows us to change the
    136. 

  136.   cap value more easily.)
    137. 

  137. 

  138.   Clients should believe the bandwidth as presented in the consensus,
    139. 

  139.   not capping it again.
    140. 

  140. 

  141. 3.2 Fetching descriptors on demand
    142. 

  142. 

  143.   As described in 2.4 a descriptor lists IP address, OR- and Dir-Port,
    144. 

  144.   and the onion key for a server.
    145. 

  145. 

  146.   A client already knows the IP address and the ports from the consensus
    147. 

  147.   documents, but without the onion key it will not be able to send
    148. 

  148.   CREATE/EXTEND cells for that server.  Since the client needs the onion
    149. 

  149.   key it needs the descriptor.
    150. 

  150. 

  151.   If a client only downloaded a few descriptors in an observable manner
    152. 

  152.   then that would leak which nodes it was going to use.
    153. 

  153. 

  154.   This proposal suggests the following:
    155. 

  155. 

  156.   1) when connecting to a guard node for which the client does not
    157. 

  157.      yet have a cached descriptor it requests the descriptor it
    158. 

  158.      expects by hash.  (The consensus document that the client holds
    159. 

  159.      has a hash for the descriptor of this server.  We want exactly
    160. 

  160.      that descriptor, not a different one.)
    161. 

  161. 

  162.      It does that by sending a RELAY_REQUEST_SD cell.
    163. 

  163. 

  164.      A client MAY cache the descriptor of the guard node so that it does
    165. 

  165.      not need to request it every single time it contacts the guard.
    166. 

  166. 

  167.   2) when a client wants to extend a circuit that currently ends in
    168. 

  168.      server B to a new next server C, the client will send a
    169. 

  169.      RELAY_REQUEST_SD cell to server B.  This cell contains in its
    170. 

  170.      payload the hash of a server descriptor the client would like
    171. 

  171.      to obtain (C's server descriptor).  The server sends back the
    172. 

  172.      descriptor and the client can now form a valid EXTEND/CREATE cell
    173. 

  173.      encrypted to C's onion key.
    174. 

  174. 

  175.      Clients MUST NOT cache such descriptors.  If they did they might
    176. 

  176.      leak that they already extended to that server at least once
    177. 

  177.      before.
    178. 

  178. 

  179.   Replies to RELAY_REQUEST_SD requests need to be padded to some
    180. 

  180.   constant upper limit in order to conceal a client's destination
    181. 

  181.   from anybody who might be counting cells/bytes.
    182. 

  182. 

  183.   RELAY_REQUEST_SD cells contain the following information:
    184. 

  184.     - hash of the server descriptor requested
    185. 

  185.     - hash of the identity digest of the server for which we want the SD
    186. 

  186.     - IP address and OR-port or the server for which we want the SD
    187. 

  187.     - padding factor - the number of cells we want the answer
    188. 

  188.       padded to.
    189. 

  189.       [XXX this just occured to me and it might be smart.  or it might
    190. 

  190.        be stupid.  clients would learn the padding factor they want
    191. 

  191.        to use from the consensus document.  This allows us to grow
    192. 

  192.        the replies later on should SDs become larger.]
    193. 

  193.   [XXX: figure out a decent padding size]
    194. 

  194. 

  195. 3.3 Protocol versions
    196. 

  196. 

  197.   Server descriptors contain optional information of supported
    198. 

  198.   link-level and circuit-level protocols in the form of
    199. 

  199.   "opt protocols Link 1 2 Circuit 1".  These are not currently needed
    200. 

  200.   and will probably eventually move into the "v" (version) line in
    201. 

  201.   the consensus.  This proposal does not deal with them.
    202. 

  202. 

  203.   Similarly a server descriptor contains the version number of
    204. 

  204.   a Tor node.  This information is already present in the consensus
    205. 

  205.   and is thus available to all clients immediately.
    206. 

  206. 

  207. 3.4 Exit selection
    208. 

  208. 

  209.   Currently finding an appropriate exit node for a user's request is
    210. 

  210.   easy for a client because it has complete knowledge of all the exit
    211. 

  211.   policies of all servers on the network.
    212. 

  212. 

  213.   The consensus document will once again be extended to contain the
    214. 

  214.   information required by clients.  This information will be a summary
    215. 

  215.   of each node's exit policy.  The exit policy summary will only contain
    216. 

  216.   the list of ports to which a node exits to most destination IP
    217. 

  217.   addresses.
    218. 

  218. 

  219.   A summary should claim a router exits to a specific TCP port if,
    220. 

  220.   ignoring private IP addresses, the exit policy indicates that the
    221. 

  221.   router would exit to this port to most IP address.  either two /8
    222. 

  222.   netblocks, or one /8 and a couple of /12s or any other combination).
    223. 

  223.   The exact algorith used is this:  Going through all exit policy items
    224. 

  224.    - ignore any accept that is not for all IP addresses ("*"),
    225. 

  225.    - ignore rejects for these netblocks (exactly, no subnetting):
    226. 

  226.      0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8,
    227. 

  227.      and 172.16.0.0/12m
    228. 

  228.    - for each reject count the number of IP addresses rejected against
    229. 

  229.      the affected ports,
    230. 

  230.    - once we hit an accept for all IP addresses ("*") add the ports in
    231. 

  231.      that policy item to the list of accepted ports, if they don't have
    232. 

  232.      more than 2^25 IP addresses (that's two /8 networks) counted
    233. 

  233.      against them (i.e. if the router exits to a port to everywhere but
    234. 

  234.      at most two /8 networks).
    235. 

  235. 

  236.   An exit policy summary will be included in votes and consensus as a
    237. 

  237.   new line attached to each exit node.  The line will have the format
    238. 

  238.    "p" <space> "accept"|"reject" <portlist>
    239. 

  239.   where portlist is a comma seperated list of single port numbers or
    240. 

  240.   portranges (e.g.  "22,80-88,1024-6000,6667").
    241. 

  241. 

  242.   Whether the summary shows the list of accepted ports or the list of
    243. 

  243.   rejected ports depends on which list is shorter (has a shorter string
    244. 

  244.   representation).  In case of ties we choose the list of accepted
    245. 

  245.   ports.  As an exception to this rule an allow-all policy is
    246. 

  246.   represented as "accept 1-65535" instead of "reject " and a reject-all
    247. 

  247.   policy is similarly given as "reject 1-65535".
    248. 

  248. 

  249.   Summary items are compressed, that is instead of "80-88,89-100" there
    250. 

  250.   only is a single item of "80-100", similarly instead of "20,21" a
    251. 

  251.   summary will say "20-21".
    252. 

  252. 

  253.   Port lists are sorted in ascending order.
    254. 

  254. 

  255.   The maximum allowed length of a policy summary (including the "accept "
    256. 

  256.   or "reject ") is 1000 characters.  If a summary exceeds that length we
    257. 

  257.   use an accept-style summary and list as much of the port list as is
    258. 

  258.   possible within these 1000 bytes.
    259. 

  259. 

  260. 3.4.1 Consensus selection
    261. 

  261. 

  262.   When building a consensus, authorities have to agree on a digest of
    263. 

  263.   the server descriptor to list in the router line for each router.
    264. 

  264.   This is documented in dir-spec section 3.4.
    265. 

  265. 

  266.   All authorities that listed that agreed upon descriptor digest in
    267. 

  267.   their vote should also list the same exit policy summary - or list
    268. 

  268.   none at all if the authority has not been upgraded to list that
    269. 

  269.   information in their vote.
    270. 

  270. 

  271.   If we have votes with matching server descriptor digest of which at
    272. 

  272.   least one of them has an exit policy then we differ between two cases:
    273. 

  273.    a) all authorities agree (or abstained) on the policy summary, and we
    274. 

  274.       use the exit policy summary that they all listed in their vote,
    275. 

  275.    b) something went wrong (or some authority is playing foul) and we
    276. 

  276.       have different policy summaries.  In that case we pick the one
    277. 

  277.       that is most commonly listed in votes with the matching
    278. 

  278.       descriptor.  We break ties in favour of the lexigraphically larger
    279. 

  279.       vote.
    280. 

  280. 

  281.   If none one of the votes with a matching server descriptor digest has
    282. 

  282.   an exit policy summary we use the most commonly listed one in all
    283. 

  283.   votes, breaking ties like in case b above.
    284. 

  284. 

  285. 3.4.2 Client behaviour
    286. 

  286. 

  287.   When choosing an exit node for a specific request a Tor client will
    288. 

  288.   choose from the list of nodes that exit to the requested port as given
    289. 

  289.   by the consensus document.  If a client has additional knowledge (like
    290. 

  290.   cached full descriptors) that indicates the so chosen exit node will
    291. 

  291.   reject the request then it MAY use that knowledge (or not include such
    292. 

  292.   nodes in the selection to begin with).  However, clients MUST NOT use
    293. 

  293.   nodes that do not list the port as accepted in the summary (but for
    294. 

  294.   which they know that the node would exit to that address from other
    295. 

  295.   sources, like a cached descriptor).
    296. 

  296. 

  297.   An exception to this is exit enclave behaviour: A client MAY use the
    298. 

  298.   node at a specific IP address to exit to any port on the same address
    299. 

  299.   even if that node is not listed as exiting to the port in the summary.
    300. 

  300. 

  301. 4. Migration
    302. 

  302. 

  303. 4.1 Consensus document changes.
    304. 

  304. 

  305.   The consensus will need to include
    306. 

  306.     - bandwidth information (see 3.1)
    307. 

  307.     - exit policy summaries (3.4)
    308. 

  308. 

  309.   A new consensus method (number TBD) will be chosen for this.
    310. 

  310. 

  311. 5. Future possibilities
    312. 

  312. 

  313.   This proposal still requires that all servers have the descriptors of
    314. 

  314.   every other node in the network in order to answer RELAY_REQUEST_SD
    315. 

  315.   cells.  These cells are sent when a circuit is extended from ending at
    316. 

  316.   node B to a new node C.  In that case B would have to answer a
    317. 

  317.   RELAY_REQUEST_SD cell that asks for C's server descriptor (by SD digest).
    318. 

  318. 

  319.   In order to answer that request B obviously needs a copy of C's server
    320. 

  320.   descriptor.  The RELAY_REQUEST_SD cell already has all the info that
    321. 

  321.   B needs to contact C so it can ask about the descriptor before passing it
    322. 

  322.   back to the client.
    323. 

  323.