diff options
Diffstat (limited to 'spec/dir-spec/computing-microdescriptors.md')
-rw-r--r-- | spec/dir-spec/computing-microdescriptors.md | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/spec/dir-spec/computing-microdescriptors.md b/spec/dir-spec/computing-microdescriptors.md new file mode 100644 index 0000000..655c66a --- /dev/null +++ b/spec/dir-spec/computing-microdescriptors.md @@ -0,0 +1,161 @@ +<a id="dir-spec.txt-3.3"></a> + +# Computing microdescriptors + +Microdescriptors are a stripped-down version of server descriptors +generated by the directory authorities which may additionally contain +authority-generated information. Microdescriptors contain only the +most relevant parts that clients care about. Microdescriptors are +expected to be relatively static and only change about once per week. +Microdescriptors do not contain any information that clients need to +use to decide which servers to fetch information about, or which +servers to fetch information from. + +Microdescriptors are a straight transform from the server descriptor +and the consensus method. Microdescriptors have no header or footer. +Microdescriptors are identified by the hash of its concatenated +elements without a signature by the router. Microdescriptors do not +contain any version information, because their version is determined +by the consensus method. + +Starting with consensus method 8, microdescriptors contain the +following elements taken from or based on the server descriptor. Order +matters here, because different directory authorities must be able to +transform a given server descriptor and consensus method into the exact +same microdescriptor. + +"onion-key" NL a public key in PEM format + +\[Exactly once, at start\] +\[No extra arguments\] + +The "onion-key" element as specified in section 2.1.1. + +When generating microdescriptors for consensus method 30 or later, +the trailing = sign must be absent. For consensus method 29 or +earlier, the trailing = sign must be present. + +"ntor-onion-key" SP base-64-encoded-key NL + +\[Exactly once\] + +The "ntor-onion-key" element as specified in section 2.1.1. + +(Only included when generating microdescriptors for +consensus-method 16 or later.) + +\[Before Tor 0.4.5.1-alpha, this field was optional.\] + +"a" SP address ":" port NL + +\[Any number\] + +Additional advertised addresses for the OR. + +Present currently only if the OR advertises at least one IPv6 +address; currently, the first address is included and all others are +omitted. Any other IPv4 or IPv6 addresses should be ignored. + +Address and port are as for "or-address" as specified in +section 2.1.1. + +(Only included when generating microdescriptors for +consensus-methods 14 to 27.) + +"family" names NL + +\[At most once\] + +The "family" element as specified in section 2.1.1. + +When generating microdescriptors for consensus method 29 or later, +the following canonicalization algorithm is applied to improve +compression: + +```text + For all entries of the form $hexid=name or $hexid~name, + remove the =name or ~name portion. + + Remove all entries of the form $hexid, where hexid is not + 40 hexadecimal characters long. + + If an entry is a valid nickname, put it into lower case. + + If an entry is a valid $hexid, put it into upper case. + + If there are any entries, add a single $hexid entry for + the relay in question, so that it is a member of its own + family. + + Sort all entries in lexical order. + + Remove duplicate entries. +``` + +(Note that if an entry is not of the form "nickname", "$hexid", +"$hexid=nickname" or "$hexid~nickname", then it will be unchanged: +this is what makes the algorithm forward-compatible.) + +"p" SP ("accept" / "reject") SP PortList NL + +\[At most once.\] + +The exit-policy summary as specified in sections 3.4.1 and 3.8.2. + +\[With microdescriptors, clients don't learn exact exit policies: +clients can only guess whether a relay accepts their request, try the +BEGIN request, and might get end-reason-exit-policy if they guessed +wrong, in which case they'll have to try elsewhere.\] + +\[In consensus methods before 5, this line was omitted.\] + +"p6" SP ("accept" / "reject") SP PortList NL + +\[At most once\] + +The IPv6 exit policy summary as specified in sections 3.4.1 and +3.8.2. A missing "p6" line is equivalent to "p6 reject 1-65535". + +(Only included when generating microdescriptors for +consensus-method 15 or later.) + +"id" SP "rsa1024" SP base64-encoded-identity-digest NL + +\[At most once\] + +The node identity digest (as described in tor-spec.txt), base64 +encoded, without trailing =s. This line is included to prevent +collisions between microdescriptors. + +Implementations SHOULD ignore these lines: they are +added to microdescriptors only to prevent collisions. + +(Only included when generating microdescriptors for +consensus-method 18 or later.) + +"id" SP "ed25519" SP base64-encoded-ed25519-identity NL + +\[At most once\] + +The node's master Ed25519 identity key, base64 encoded, +without trailing =s. + +All implementations MUST ignore this key for any microdescriptor +whose corresponding entry in the consensus includes the +'NoEdConsensus' flag. + +(Only included when generating microdescriptors for +consensus-method 21 or later.) + +"id" SP keytype ... NL + +\[At most once per distinct keytype.\] + +Implementations MUST ignore "id" lines with unrecognized +key-types in place of "rsa1024" or "ed25519" + +(Note that with microdescriptors, clients do not learn the RSA identity of +their routers: they only learn a hash of the RSA identity key. This is +all they need to confirm the actual identity key when doing a TLS +handshake, and all they need to put the identity key digest in their +CREATE cells.) |