Tor Network Consensus Document

gAtO lOOkInG – at the Tor-network intelligence, how does it do what it does. Tor takes volunteers Onion-relays and organizes them into different categories they are called “flags” –

—  known-flags Authority BadExit Exit Fast Guard HSDir Named Running Stable Unnamed V2Dir Valid  —

Of course there are only now 10 authority flags-servers own and controlled by some of the top people in the Tor-project community. These 10 Authority-relays control all the intelligence that Tor need to run and keep everything working automatic. Every few hours these relays gather the OR-relays and depending on how long they have been turned on, how much bandwidth they have what version of Tor-software and OS they have and put this together into one document then it does a calculation and assigns flags to the 3,500 or so volunteer OR-relays throughout the world. After it’s all said and done they produce a “Consensus Document and sends this information to every HSDir -OR-relay so that clients can find hidden service websites in Tor. The HSDIR relays have all the DNS information to find Tor-hidden service -websites…//

consensus document – May-2013


network-status-version 3

vote-status consensus

consensus-method 17

valid-after 2013-05-17 12:00:00

fresh-until 2013-05-17 13:00:00

valid-until 2013-05-17 15:00:00

voting-delay 300 300



known-flags Authority BadExit Exit Fast Guard HSDir Named Running Stable Unnamed V2Dir Valid

params CircuitPriorityHalflifeMsec=30000 UseOptimisticData=1 bwauthpid=1 pb_disablepct=0


dir-source tor26 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 80 443

contact Peter Palfrader

vote-digest C9B36D4CE1E4E25D313DBCB9CAB01BD6402136BB

dir-source turtles 27B6B5996C426270A5C95488AA5BCEB6BCC86956 9030 9090

contact Mike Perry <mikeperryTAfsckedTODorg>

vote-digest 2974C1E86CE7D44B2A1B304DDED4D6965C519F6C

dir-source maatuska 49015F787433103580E3B66A1707A00E60F2D15B 443 80

contact 4096R/23291265 Linus Nordberg <>

vote-digest 4C9F8F31152829E776531350A3D0A3AB4F601FBF

dir-source dannenberg 585769C78764D58426B8B52B6651A5A71137189A 80 443

contact Andreas Lehner <>

vote-digest E326C020E9462BA105EC190DFBE4EA8FADA3A138

dir-source urras 80550987E1D626E3EBA5E5E75A458DE0626D088C 443 80

contact 4096R/4193A197 Jacob Appelbaum <>

vote-digest 9D6CB9D0890C4BF18D12BBB4F26F5BC762B081C3

dir-source moria1 D586D18309DED4CD6D57C18FDB97EFA96D330566 9131 9101

contact 1024D/28988BF5 arma mit edu

vote-digest 21FCEA71FE6597E39E586721F7DA65C3A74A4EA1

dir-source dizum E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 80 443

contact 1024R/8D56913D Alex de Joode <>

vote-digest 0787DE217B45ED8895701D679F02E755A257AF4F

dir-source gabelmoo ED03BB616EB2F60BEC80151114BB25CEF515B226 80 443

contact 4096R/C5AA446D Sebastian Hahn <>

vote-digest EEECD55223C97CACF7655D897782B61B64C1CF03

dir-source Faravahar EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 80 443

contact 0x0B47D56D SiNA Rabbani (inf0) <sina redteam io>

vote-digest EE92CA0F3820E3BAFC22C41DFD107D4F4B34E542

r ididnteditheconfig6 AB+dZViiymIEpTtbx+9cX5Y32i0 sjraCwjE8lzInizQ0UPqTI1AHkE 2013-05-17 10:29:13 9001 9030

s Exit Fast Running V2Dir Valid

v Tor

w Bandwidth=14

p accept 20-23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,19294,19638

r MukiMukiAmaguri ADwuo9jHaHhVHIjp8/rSBaoXkj8 qZ48RT3ftleevrpO/kNy1qeBAS0 2013-05-16 18:16:19 9001 9030

s Fast HSDir Running Stable Unnamed V2Dir Valid

v Tor

w Bandwidth=38

p reject 1-65535


r= Version of Tor- -OS -timestamp -IP address

s= Flags of the Onion-relay

w= bandwidth that the relays has

p= Exit relay information

The 10 servers on top of the documents are the Tor- Authority the servers that have all the real power in Tor controlled by – SiNA Rabbani (inf0) <sina redteam io> – Sebastian Hahn <> – Alex de Joode <> – arma mit edu – Andreas Lehner <> – Linus Nordberg <> –  Mike Perry <mikeperryTAfsckedTODorg> – Jacob Appelbaum – Peter Palfrader <> –

These are the real master of the Tor network nah… just joking it’s in the code– gAtO oUt


There is a small set (say, around 5-10) of semi-trusted directory authorities.  A default list of authorities is shipped with the Tor software.  Users can change this list, but are encouraged not to do so, in order to avoid partitioning attacks.

Every authority has a very-secret, long-term “Authority Identity Key”. This is stored encrypted and/or offline, and is used to sign “key certificate” documents.  Every key certificate contains a medium-term (3-12 months) “authority signing key”, that is used by the authority to sign other directory information.  (Note that the authority identity key is distinct from the router identity key that the authority uses in its role as an ordinary router.)

Routers periodically upload signed “routers descriptors” to the directory authorities describing their keys, capabilities, and other information.  Routers may also upload signed “extra info documents” containing information that is not required for the Tor protocol. Directory authorities serve router descriptors indexed by router identity, or by hash of the descriptor.

Routers may act as directory caches to reduce load on the directory authorities.  They announce this in their descriptors.

Periodically, each directory authority generates a view of the current descriptors and status for known routers.  They send a signed summary of this view (a “status vote”) to the other authorities.  The authorities compute the result of this vote, and sign a “consensus status” document containing the result of the vote.

Directory caches download, cache, and re-serve consensus documents.

Clients, directory caches, and directory authorities all use consensus

documents to find out when their list of routers is out-of-date.

(Directory authorities also use vote statuses.) If it is, they download

any missing router descriptors.  Clients download missing descriptors

from caches; caches and authorities download from authorities.

Descriptors are downloaded by the hash of the descriptor, not by the

relay’s identity key: this prevents directory servers from attacking

clients by giving them descriptors nobody else uses.


All directory information is uploaded and downloaded with HTTP.

[Authorities also generate and caches also cache documents produced and

used by earlier versions of this protocol; see dir-spec-v1.txt and

dir-spec-v2.txt for notes on those versions.]

%d bloggers like this: