Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Packages and registries
    • Packages and registries
    • Container Registry
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #2665

Create a dirauth DoS response procedure

We have the technical ability right now to rapidly rotate up to n-1 of the directory authorities to new IP addresses and new intermediate keys, simply by updating torrc files of dirauths. So long as at least one directory authority remains listening on its old IP address and is aware of the other directory authorities' new locations, it should still be possible to both produce a consensus and distribute it to new clients.

We should clearly document this procedure so we can execute it quickly if a majority of the Tor directory authorities fall victim to a DoS or compromise.

We should also consider altering client bundles to ship with a reduced consensus or descriptor set of ultra high-uptime directory mirrors, so that in the future we can rotate all n directory authorities without issue.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking