Re: [Tails-dev] Some research about mirror infrastructure

Author: Tobias Frei
Date:
To: tails-dev
Subject: Re: [Tails-dev] Some research about mirror infrastructure
Hi,

ah right, I didn't think of the weighting problem with DNS - I had MX
records in mind and thought the fallback could be weighted like these
records.

I also did not think about TLS; I was just happy to have an (at least
temporary) solution which was simple enough for me to create using
various StackOverflow suggestions and code snippets. That's also the
reason why I can't provide a PHP equivalent of this code: While I could
experiment with JavaScript safely, PHP is something which should only be
coded by people who know the possible risks of running the code on the
server. It's an entirely different thing from a security point of view,
I think. If I make an error using JavaScript, the worst thing which can
happen is a crashing browser (happened during my experiments!). Should I
cause an equivalent error in PHP, something important might crash on the
server, or in the worst case there might even be data loss. Also, even
if I were able to create a PHP script for this task which worked
perfectly fine, I'd probably still be too afraid of not having thought
about possible security issues, problems with scalability etc.


Maybe someone else with more coding experience and self-confidence could
create a server-side solution. Mirrorbrain sounds nice; if available, I
would suggest using something which is already used by other open source
projects. :)


Best regards,
Tobias Frei


On 09.08.2014 at 10:22, intrigeri wrote:
> Hi,
>
> [I've tried to reconcile the two threads by fiddling with the
> References header.]
>
> Tobias Frei wrote (09 Aug 2014 01:12:18 GMT) :
>> this actually *is* a complementary approach to another one. :D
>> The "another one" is the DNS solution you currently use. You could,
>> for example, use the named server JavaScript idea *and* let it fall
>> back to dl.amnesia.boum.org. The POC does exactly that. :)
>
>> Example DNS configuration:
>> dl.amnesia.boum.org - with 25 A records
>> tormirror.dl.amnesia.boum.org - with a CNAME or A record
>> another.dl.amnesia.boum.org - same here; this one is also one of the 25
>> yetanother.dl.amnesia.boum.org - etc. etc.
>> [unlimited amount of other mirror names]
>
> If we do that, then we would have two (potentially overlapping) pools.
> The members of the first pool (served via JS) could be weighted
> relative to each other, the members of the second pool (dl.a.b.o)
> could not (unless we have multiple DNS pools), and we would have no
> way to weight these two pools relative to each other.
>
> Also, mirrors that are in the two pools will need to serve the same
> files on two different hostnames (e.g. ServerAlias). This is not
> a problem in itself, but then, once we introduce TLS for mirrors, we
> will need to provide them with a certificate that's valid for these
> two hostnames, which is more expensive and a bit more painful to get.
>
> Correct?
>
>> As even the Tor Browser Bundle has javascript enabled by default,[1] I
>> think the number of people who will use the fallback will be quite low.
>
> Minor data point: there's ongoing work on a "security slider" in TBB,
> that will make it easier to adjust one's JS prefs, and include an
> option for disabling JS by default. As a result, I expect that more
> TBB users (and then in turn, Tails users) will run their browser with
> JS disabled by default in the future.
>
> Cheers,
>