summaryrefslogtreecommitdiff
path: root/doc/spec
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2007-05-11 10:41:59 +0000
committerNick Mathewson <nickm@torproject.org>2007-05-11 10:41:59 +0000
commit866313aafc8fd2d56a499711956d54d64bb34f7f (patch)
tree0f245e2a352b44666353972e650f18053c5179c5 /doc/spec
parent0331e1c6168520b447240070e76990915bde7f1c (diff)
downloadtor-866313aafc8fd2d56a499711956d54d64bb34f7f.tar.gz
tor-866313aafc8fd2d56a499711956d54d64bb34f7f.zip
r12726@catbus: nickm | 2007-05-11 06:41:47 -0400
Checkpoint some more dir-spec.txt edits. svn:r10165
Diffstat (limited to 'doc/spec')
-rw-r--r--doc/spec/dir-spec.txt97
1 files changed, 89 insertions, 8 deletions
diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index c8a945f7cc..fffd431f79 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -172,7 +172,7 @@ $Id$
documents to find out when their list of routers is out-of-date.
(Directory authorities also use vote statuses.) If it is, they download
any missing router descriptors. Clients download missing descriptors
- from mirrors; mirrors and authorities download from authorities.
+ from caches; caches and authorities download from authorities.
Descriptors are downloaded by the hash of the descriptor, not by the
server's identity key: this prevents servers from attacking clients by
giving them descriptors nobody else uses.
@@ -690,12 +690,17 @@ $Id$
"published" SP YYYY-MM-DD SP HH:MM:SS NL
+ [Exactly once for votes; Does not occur in consensuses.]
+
+ The publication time for this status document (if a vote).
+
+ "valid-after" SP YYYY-MM-DD SP HH:MM:SS NL
+
[Exactly once.]
- The publication time for this status document (if a vote), or the
- start of the period for this vote (if a consensus).
+ The start of the Interval for this vote (if a consensus.)
- "valid-until"
+ "valid-until" SP YYYY-MM-DD SP HH:MM:SS NL
[Exactly once.]
@@ -909,7 +914,7 @@ $Id$
Given a set of votes, authorities compute the contents of the consensus
document as follows:
- The "published" is the latest of all published times on the votes.
+ The "valid-after" is the latest of all valid-after times on the votes.
The "valid-until" is the earliest of all valid-until times on the
votes.
@@ -936,11 +941,35 @@ $Id$
The signatures at the end of the document appear are sorted in
ascending order by identity digest.
-[CUTOFF HERE. STUFF BELOW THIS POINT HAS NOT YET BEEN UPDATED FROM V2.]
+3.4. Detached signatures
+
+ Assuming full connectivity, every authority should compute and sign the
+ same consensus directory in each period. Therefore, it isn't necessary to
+ download the consensus computed by each authority; instead, the
+ authorities only push/fetch each others' signatures. A "detached
+ signature" document contains items as follows:
+
+
+ "consensus-digest" SP Digest NL
+
+ [At start, at most once.]
+
+ The digest of the consensus being signed.
+
+ "valid-after" SP YYYY-MM-DD SP HH:MM:SS NL
+ "valid-until" SP YYYY-MM-DD SP HH:MM:SS NL
+
+ [As in the consensus]
+
+ "directory signature"
+
+ [As in the consensus; the signature object is the same as in the
+ consensus document.]
+
4. Directory server operation
- All directory authorities and directory mirrors ("directory servers")
+ All directory authorities and directory caches ("directory servers")
implement this section, except as noted.
4.1. Accepting uploads (authorities only)
@@ -971,7 +1000,59 @@ $Id$
descriptors, not to descriptors that the authority downloads from other
authorities.
-4.2. Downloading network-status documents (authorities and caches)
+ When a router posts a signed extra-info document to a directory authority,
+ the authority again checks it for well-formedness and correct signature,
+ and checks that its matches the extra-info-digest in some router
+ descriptor that it believes is currently useful. If so, it accepts it and
+ stores it and serves it as requested. If not, it drops it.
+
+4.2. Voting (authorities only)
+
+ Authorities divide time into Intervals. Authority administrators SHOULD
+ try to all pick the same interval length, and SHOULD pick intervals that
+ are commonly used divisions of time (e.g., 5 minutes, 15 minutes, 30
+ minutes, 60 minutes, 90 minutes). Voting intervals SHOULD be chosen to
+ divide evenly into a 24-hour day.
+
+ Authorities MUST take pains to ensure that their clocks remain accurate,
+ for example by running NTP.
+
+ The first voting period of each day begins at 00:00 (midnight) GMT. If
+ the last period of the day would be truncated by one-half or more, it is
+ merged with the second-to-last period.
+
+ An authority SHOULD publish its vote immediately at the start of each voting
+ period. It does this by making it available at
+ http://<hostname>/tor/status-vote/current/authority.z
+ and sending it in an HTTP POST request to each other authority at the URL
+ http://<hostname>/tor/post/vote
+
+ If, N minutes after the voting period has begun, an authority does not have
+ a current statement from another authority, the first authority retrieves
+ the other's statement.
+
+ Once an authority has a vote from another authority, it makes it available
+ at
+ http://<hostname>/tor/status-vote/current/<fp>.z
+ where <fp> is the fingerprint of the other authority's identity key.
+
+ The consensus status, along with as many signatures as the server
+ currently knows, should be available at
+ http://<hostname>/tor/status-vote/current/consensus.z
+ All of the detached signatures it knows for consensus status should be
+ available at:
+ http://<hostname>/tor/status-vote/current/consensus-signatures.z
+
+ Once an authority has computed and signed a consensus network status, it
+ should send its detached signature to each other authority in an HTTP POST
+ request to the URL:
+ http://<hostname>/tor/post/consensus-signature
+
+
+
+[XXXX CUTOFF HERE. STUFF BELOW THIS POINT HAS NOT YET BEEN UPDATED FROM V2.]
+
+4.3. Downloading consensus status documents (authorities caches only)
All directory servers (authorities and mirrors) try to keep a fresh
set of network-status documents from every authority. To do so,