On 02/18/2016 04:24 AM, Tim Wilson-Brown - teor wrote: > >> On 18 Feb 2016, at 22:16, Mirimir <miri...@riseup.net> wrote: >> >> On 02/18/2016 03:47 AM, Tim Wilson-Brown - teor wrote: >>> >>>> On 18 Feb 2016, at 14:40, Ricardo Malagon Jerez <rjmala...@gmail.com> >>>> wrote: >>>> >>>> I don't know how and why, but since January is impossible to have an exit >>>> relay in Telmex ISP. >>>> And is harder to reach authority nodes. >>>> Someone wrote about this, but is mid February and is the same. >>>> Tor 2.8 alpha works pretty good with the authority fallback measures, but >>>> I can't implement the exit relay or publish the relay. >>> >>> Thanks for the feedback about the fallback directory mirrors feature - I am >>> glad to hear that it's working as planned. >>> But it only works for clients. >>> >>> Relays need to be able to post their descriptors to the authorities. So >>> they have to be able to reach at least one authority - they can't use only >>> fallback directory mirrors. >> >> Could relays somehow use bridges for that? > > > Relays could upload their descriptors to the authorities over 3-hop tor > circuits, like hidden services do to hidden service directories. > > But that doesn't solve the core issue: Tor assumes all relays can connect to > every other relay. If a relay can't reach the authorities, then that's 9 > relays it can't reach, and it's likely that other relays are also blocked.
Doh. And any network that blocked access to authorities could block access to all Tor relays. > We would need to answer the following questions before we allowed relays that > can't reach the authorities to bootstrap: > * how many other relays can each Tor relay reach at the moment? > * what's the minimum number of relays each relay should be able to reach to > be useful? > * how can we check if a relay can reach that many relays? > * should the relay do the check itself before it submits its descriptor, or > should the authorities or bandwidth authorities do the check? > > This requires some research and security analysis. Right. A relay that needs a bridge to reach other relays is relatively useless. And can perhaps hide malicious activity more easily too. > Tim > > Tim Wilson-Brown (teor) > > teor2345 at gmail dot com > PGP 968F094B > > teor at blah dot im > OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F > > > > > _______________________________________________ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
