aboutsummaryrefslogtreecommitdiff
path: root/spec/dir-spec/scope-preliminaries.md
diff options
context:
space:
mode:
Diffstat (limited to 'spec/dir-spec/scope-preliminaries.md')
-rw-r--r--spec/dir-spec/scope-preliminaries.md140
1 files changed, 0 insertions, 140 deletions
diff --git a/spec/dir-spec/scope-preliminaries.md b/spec/dir-spec/scope-preliminaries.md
deleted file mode 100644
index 1025c04..0000000
--- a/spec/dir-spec/scope-preliminaries.md
+++ /dev/null
@@ -1,140 +0,0 @@
-<a id="dir-spec.txt-0"></a>
-
-# Scope and preliminaries
-
-This directory protocol is used by Tor version 0.2.0.x-alpha and later.
-See dir-spec-v1.txt for information on the protocol used up to the
-0.1.0.x series, and dir-spec-v2.txt for information on the protocol
-used by the 0.1.1.x and 0.1.2.x series.
-
-This document merges and supersedes the following proposals:
-
-- 101 Voting on the Tor Directory System
-- 103 Splitting identity key from regularly used signing key
-- 104 Long and Short Router Descriptors
-
-XXX timeline
-XXX fill in XXXXs
-
-The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
-NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
-"OPTIONAL" in this document are to be interpreted as described in
-RFC 2119.
-
-<a id="dir-spec.txt-0.1"></a>
-
-## History
-
-The earliest versions of Onion Routing shipped with a list of known
-routers and their keys. When the set of routers changed, users needed to
-fetch a new list.
-
-### The Version 1 Directory protocol
-
-Early versions of Tor (0.0.2) introduced "Directory authorities": servers
-that served signed "directory" documents containing a list of signed
-"server descriptors", along with short summary of the status of each
-router. Thus, clients could get up-to-date information on the state of
-the network automatically, and be certain that the list they were getting
-was attested by a trusted directory authority.
-
-Later versions (0.0.8) added directory caches, which download
-directories from the authorities and serve them to clients. Non-caches
-fetch from the caches in preference to fetching from the authorities, thus
-distributing bandwidth requirements.
-
-Also added during the version 1 directory protocol were "router status"
-documents: short documents that listed only the up/down status of the
-routers on the network, rather than a complete list of all the
-descriptors. Clients and caches would fetch these documents far more
-frequently than they would fetch full directories.
-
-### The Version 2 Directory Protocol
-
-During the Tor 0.1.1.x series, Tor revised its handling of directory
-documents in order to address two major problems:
-
-```text
- * Directories had grown quite large (over 1MB), and most directory
- downloads consisted mainly of server descriptors that clients
- already had.
-
- * Every directory authority was a trust bottleneck: if a single
- directory authority lied, it could make clients believe for a time
- an arbitrarily distorted view of the Tor network. (Clients
- trusted the most recent signed document they downloaded.) Thus,
- adding more authorities would make the system less secure, not
- more.
-```
-
-To address these, we extended the directory protocol so that
-authorities now published signed "network status" documents. Each
-network status listed, for every router in the network: a hash of its
-identity key, a hash of its most recent descriptor, and a summary of
-what the authority believed about its status. Clients would download
-the authorities' network status documents in turn, and believe
-statements about routers iff they were attested to by more than half of
-the authorities.
-
-Instead of downloading all server descriptors at once, clients
-downloaded only the descriptors that they did not have. Descriptors
-were indexed by their digests, in order to prevent malicious caches
-from giving different versions of a server descriptor to different
-clients.
-
-Routers began working harder to upload new descriptors only when their
-contents were substantially changed.
-
-<a id="dir-spec.txt-0.2"></a>
-
-### Goals of the version 3 protocol
-
-Version 3 of the Tor directory protocol tries to solve the following
-issues:
-
-```text
- * A great deal of bandwidth used to transmit server descriptors was
- used by two fields that are not actually used by Tor routers
- (namely read-history and write-history). We save about 60% by
- moving them into a separate document that most clients do not
- fetch or use.
-
- * It was possible under certain perverse circumstances for clients
- to download an unusual set of network status documents, thus
- partitioning themselves from clients who have a more recent and/or
- typical set of documents. Even under the best of circumstances,
- clients were sensitive to the ages of the network status documents
- they downloaded. Therefore, instead of having the clients
- correlate multiple network status documents, we have the
- authorities collectively vote on a single consensus network status
- document.
-
- * The most sensitive data in the entire network (the identity keys
- of the directory authorities) needed to be stored unencrypted so
- that the authorities can sign network-status documents on the fly.
- Now, the authorities' identity keys are stored offline, and used
- to certify medium-term signing keys that can be rotated.
-```
-
-<a id="dir-spec.txt-0.3"></a>
-
-## Some Remaining questions
-
-Things we could solve on a v3 timeframe:
-
-The SHA-1 hash is showing its age. We should do something about our
-dependency on it. We could probably future-proof ourselves here in
-this revision, at least so far as documents from the authorities are
-concerned.
-
-Too many things about the authorities are hardcoded by IP.
-
-Perhaps we should start accepting longer identity keys for routers
-too.
-
-Things to solve eventually:
-
-Requiring every client to know about every router won't scale forever.
-
-Requiring every directory cache to know every router won't scale
-forever.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion