o Availability:
- Must be available to upgrade within a few days in most cases.
(While we're still developing Tor, we periodically find bugs that
- impact the whole network and require dirserver upgrades.)
- - Should be have a well-known way to contact the administrator
+ impact the whole network and require authority upgrades.)
+ - Should have a well-known way to contact the administrator
via PGP-encrypted message.
o Integrity:
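Review bot: The rewritten "Should have a well-known way to contact the administrator" line still leaves "well-known" undefined, so a reader cannot tell where the contact address or the PGP key is expected to be published. Since the line is already being touched to fix "Should be have", consider saying where that information should be listed. The "dirserver" to "authority" rename in the parenthetical above it reads fine.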
o Diversity
- We should avoid situations that make it likelier for multiple
- dirserver failures to happen at the same time. Therefore...
- - It's good when dirservers are not all in the same country.
- - It's good when dirservers are not all in the same jurisdictions.
- - It's good when dirservers are not all running the same OS.
- - It's good when dirservers are not all using the same ISP.
- - It's good when dirservers are not all running the same
+ authority failures to happen at the same time. Therefore...
+ - It's good when authorities are not all in the same country.
+ - It's good when authorities are not all in the same jurisdictions.
+ - It's good when authorities are not all running the same OS.
+ - It's good when authorities are not all using the same ISP.
+ - It's good when authorities are not all running the same
version of Tor.
- - No two dirservers should have the same operator.
+ - No two authorities should have the same operator.
- Maximal diversity, however, is not always practical. Sometimes,
for example, there is only one version of Tor that provides a
given consensus generation algorithm.
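Review bot: On the added line "It's good when authorities are not all in the same jurisdictions.", the plural "jurisdictions" is carried over from the old text and does not match the singular "same country", "same OS" and "same ISP" in the neighbouring items; "in the same jurisdiction" would be consistent. Separately, "No two authorities should have the same operator." is worded as a rule while the items above it are preferences ("It's good when ..."), and the trailing "Maximal diversity, however, is not always practical" paragraph does not say whether that allowance extends to the operator rule; a short clarification there would remove the ambiguity.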