r15857@catbus: nickm | 2007-10-16 12:59:13 -0400

Add proposal 123-autonaming.txt


svn:r11988

doc/spec/proposals/000-index.txt

@@ -45,6 +45,7 @@ Proposals by number:
 120  Suicide descriptors when Tor servers stop [OPEN]
 121  Hidden Service Authentication [OPEN]
 122  Network status entries need a new Unnamed flag [OPEN]
+123  Naming authorities automatically create bindings [OPEN]
 
 
 Proposals by status:
@@ -61,6 +62,7 @@ Proposals by status:
    120  Suicide descriptors when Tor servers stop
    121  Hidden Service Authentication
    122  Network status entries need a new Unnamed flag
+   123  Naming authorities automatically create bindings
  ACCEPTED:
    101  Voting on the Tor Directory System
    103  Splitting identity key from regularly used signing key

doc/spec/proposals/123-autonaming.txt

@@ -0,0 +1,54 @@
+Filename: xxx-autonaming.txt
+Title: Naming authorities automatically create bindings
+Version: $Revision$
+Last-Modified: $Date$
+Author: Peter Palfrader
+Created: 2007-10-11
+Status: Open
+
+Overview:
+
+  Tor's directory authorities can give certain servers a "Named" flag
+  in the network-status entry, when they want to bind that nickname to
+  that identity key. This allows clients to specify a nickname rather
+  than an identity fingerprint and still be certain they're getting the
+  "right" server.
+
+  Authority operators name a server by adding their nickname and
+  identity fingerprint to the 'approved-routers' file.  Historically
+  being listed in the file was required for a router, at first for being
+  listed in the directory at all, and later in order to be used by
+  clients as a first or last hop of a circuit.
+
+  Adding identities to the list of named routers so far has been a
+  manual, time consuming, and boring job.  Given that and the fact that
+  the Tor network works just fine without named routers the last
+  authority to keep a current binding list stopped updating it well over
+  half a year ago.
+
+  Naming, if it were done, would serve a useful purpose however in that
+  users can have a reasonable expectation that the exit server Bob they
+  are using in their http://www.google.com.bob.exit/ URL is the same
+  Bob every time.
+
+Proposal:
+  I propose that identity<->name binding be completely automated:
+
+  New bindings should be added after the router has been around for a
+  bit and their name has not been used by other routers, similarly names
+  that have not appeared on the network for a long time should be freed
+  in case a new router wants to use it.
+
+  The following rules are suggested:
+  i) If a named router has not been online for half a year, the
+     identity<->name binding for that name is removed.  The nickname
+     is free to be taken by other routers now.
+  ii) If a router claims a certain nickname and
+       a) has been on the network for at least two weeks, and
+       b) that nickname is not yet linked to a different router, and
+       c) no other router has wanted that nickname in the last month,
+      a new binding should be created for this router and its desired
+      nickname.
+
+ This automaton does not necessarily need to live in the Tor code, it
+ can do its job just as well when it's an external tool.