Thus spake Roger Dingledine ([EMAIL PROTECTED]):

> On Sun, Aug 27, 2006 at 10:49:46PM -0500, Mike Perry wrote:
> > An interface to suck a signature-verified directory out of Tor via the
> > control-port or some other means would also be nice.
>
> I noticed from your earlier statement that you're using the v1 directory
> format. This is obsolete, and any v1 directories you may run across
> will likely not contain complete information anymore (this includes the
> output of the scripts at serifos, which haven't been upgraded yet). See
> http://tor.eff.org/svn/trunk/doc/dir-spec.txt for the v2 format
> (introduced in Tor 0.1.1.x), which involves fetching network-statuses
> and server descriptors independently.

Gah. I just assumed that hitting a 0.1.1.x dir server at the tor
directory url (eg http://moria.mit.edu:9031/tor/) pulled down the
complete v2 directory version, and the rest of the spec governed
process for updates.. This is not the case? They /have/ to be fetched
separately based on the network status or they may be
incomplete/missing?

> If you want your Tor controller to have up to date descriptors and
> network statuses, you can

Wow so this is exactly what I meant.. Heh. Completely didn't see it in
the control port spec.

> 1) Read them out of the $datadir yourself, from "cached-routers*" and
> "cached-status/*"
>
> 2) Listen for "newdesc" events, and ask us why there is no "newstatus"
> event. (Good point, I've just put that on the todo list.)
>
> 3) Send "getinfo desc/all-recent" and "getinfo network-status". This
> won't give you the full set of network-status strings though.
>
> 4) Turn on your dirport and send "getinfo dir/status/all" and
> "getinfo dir/server/all".
>
> Personally, I would go for #4. Note that for any of these, you may want
> to set your FetchUselessDescriptors torrc variable (see man page).

Why is it that getinfo desc/all-recent and getinfo network-status are
different than the dir/status/all, dir/server/all messages? Shouldn't
they converge to the same thing once the client has been running long
enough to download all the routers it sees in network-status?

Is there any reason I would want to try to use a Useless descriptor? I
assumed Useless (starts with ! in network status, right?) meant
unreachable/unresponsive.

> > Ok, I will consider rewriting it for this python interface. Have to
> > learn python first, which has been on my TODO list for some time, so
> > hopefully it will happen. I would guess the directory notification
> > interface won't appear for a while in Tor either, so I probably have
> > time. When 0.1.2 stabilizes?
>
> Yep. Especially if you help us figure out what interface you want. :)

Hrmm. I definitely have to run this thing for a while first.. Lots of
assurance issues with actually having it inform the dirservers about a
bad node, especially with this Privoxy noise randomly being inserted on
the wire. Suppose using just plain socks will cut that out, but then I
have to worry about remote-resolution issues. I'm sure there are other
gems waiting to be discovered as well that may or may not change what
knowledge and what logic sits where.

I imagine the biggest problem is the fact that malicious nodes have the
option of being bad infrequently enough that it could be mistaken for
transient failure.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

