aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--dir-spec-v2.txt6
-rw-r--r--dir-spec.txt8
-rw-r--r--proposals/109-no-sharing-ips.txt17
3 files changed, 24 insertions, 7 deletions
diff --git a/dir-spec-v2.txt b/dir-spec-v2.txt
index 712be9e..553e565 100644
--- a/dir-spec-v2.txt
+++ b/dir-spec-v2.txt
@@ -482,6 +482,12 @@ $Id$
Directory server administrators may label some servers or IPs as
blacklisted, and elect not to include them in their network-status lists.
+ Authorities SHOULD 'disable' any servers in excess of 3 on any single
+ IP. When there are more than 3 to choose from, authorities should first
+ prefer Running to non-Running, and then prefer high-bandwidth to
+ low-bandwidth. To 'disable' a server, the authority *should* advertise
+ it without the Running or Valid flag.
+
Thus, the network-status list includes all non-blacklisted,
non-expired, non-superseded descriptors.
diff --git a/dir-spec.txt b/dir-spec.txt
index 4da1e97..1900fe3 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -968,7 +968,13 @@ $Id$
Directory server administrators may label some servers or IPs as
blacklisted, and elect not to include them in their network-status lists.
- Thus, the network-status list includes all non-blacklisted,
+ Authorities SHOULD 'disable' any servers in excess of 3 on any single
+ IP. When there are more than 3 to choose from, authorities should first
+ prefer Running to non-Running, and then prefer high-bandwidth to
+ low-bandwidth. To 'disable' a server, the authority *should* advertise
+ it without the Running or Valid flag.
+
+ Thus, the network-status vote includes all non-blacklisted,
non-expired, non-superseded descriptors.
3.4. Computing a consensus from a set of votes
diff --git a/proposals/109-no-sharing-ips.txt b/proposals/109-no-sharing-ips.txt
index 4a5f1a8..483b8b5 100644
--- a/proposals/109-no-sharing-ips.txt
+++ b/proposals/109-no-sharing-ips.txt
@@ -4,7 +4,7 @@ Version: $Revision$
Last-Modified: $Date$
Author: Kevin Bauer & Damon McCoy
Created: 9-March-2007
-Status: Accepted
+Status: Closed
Overview:
This document describes a solution to a Sybil attack vulnerability in the
@@ -34,14 +34,19 @@ Specification:
For each IP address, each directory authority tracks the number of routers
using that IP address, along with their total observed bandwidth. If there
are more than MAX_SERVERS_PER_IP servers at some IP, the authority should
- "disable" all but MAX_SERVERS_PER_IP servers. If the total observed
+ "disable" all but MAX_SERVERS_PER_IP servers. When choosing which servers
+ to disable, the authority should first disable non-Running servers in
+ increasing order of observed bandwidth, and then should disable Running
+ servers in increasing order of bandwidth.
+
+ [[ We don't actually do this part here. -NM
+
+ If the total observed
bandwidth of the remaining non-"disabled" servers exceeds MAX_BW_PER_IP,
the authority should "disable" some of the remaining servers until only one
server remains, or until the remaining observed bandwidth of non-"disabled"
- servers is under MAX_BW_PER_IP. When choosing which servers to disable,
- the authority should first disable non-Running servers in increasing order
- of observed bandwidth, and then should disable Running servers in
- increasing order of bandwidth.
+ servers is under MAX_BW_PER_IP.
+ ]]
Servers that are "disabled" MUST be marked as non-Valid and non-Running.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion