Hi,
[I've tried to reconcile the two threads by fiddling with the
References header.]
Tobias Frei wrote (09 Aug 2014 01:12:18 GMT) :
> this actually *is* a complementary approach to another one. :D
> The "another one" is the DNS solution you currently use. You could,
> for example, use the named server JavaScript idea *and* let it fall
> back to dl.amnesia.boum.org. The POC does exactly that. :)
> Example DNS configuration:
> dl.amnesia.boum.org - with 25 A records
> tormirror.dl.amnesia.boum.org - with a CNAME or A record
> another.dl.amnesia.boum.org - same here; this one is also one of the 25
> yetanother.dl.amnesia.boum.org - etc. etc.
> [unlimited amount of other mirror names]
If we do that, then we would have two (potentially overlapping) pools.
The members of the first pool (served via JS) could be weighted
relatively to each other, the members of the second pool (dl.a.b.o)
could not (unless we have multiple DNS pools), and we would have no
way to weight these two pools relatively to each other.
Also, mirrors that are in the two pools will need to serve the same
files on two different hostnames (e.g. ServerAlias). This is not
a problem in itself, but then, once we introduce TLS for mirrors, we
will need to provide them with a certificate that's valid for these
two hostnames, which is more expensive and a bit more painful to get.
Correct?
> As even the Tor Browser Bundle has javascript enabled by default,[1] I
> think the number of people who will use the fallback will be quite low.
Minor data point: there's ongoing work on a "security slider" in TBB,
that will make it easier to adjust one's JS prefs, and include an
option for disabling JS by default. As a result, I expect that more
TBB users (and then in turn, Tails users) will run their browser with
JS disabled by default in the future.
Cheers,
--
intrigeri
