On Sun, Sep 23, 2007 at 04:37:27PM -0400, Roger Dingledine wrote:
>
> Once upon a time (2003 era), you needed to be manually approved or you
> wouldn't be able to join the network. The primary reason was that we
> needed to verify that your server was reachable, working, etc. Then
> we got more than a dozen servers, including servers run by people we
> didn't know, and we automated the process of testing reachability at the
> directory authorities. Then we started to allow unnamed servers to join
> the network and play pretty much the same role.
>
Not that it matters much for present purposes, but I would say that these primary reasons were actually clear ancillary benefits that grew to be the important reasons. The original motivation for putting this man-in-the-loop element in there by design was a kluge to have a simple if weak check on the number of servers run by a single authority rather than to make sure servers were up and running properly (which was an issue whether you were known or not).

In practice this started as Roger-has-to-know-you-out-of-band. Once we were pleased to scale beyond that being feasible, we (i.e., Roger) were still manually deciding whether to take a server into the network, so could avoid or manage-as-it-arose multiple servers obviously controlled by the same person, and we could have warm fuzzies that we made it at least a bit more work if someone wanted to do this non-obviously. Throughout this process, even when everyone was known, there were still interactions of the we-don't-seem-to-be-able-to-reach-you or we-don't-seem-to-be-able-to-make-circuits-through-you type.

But, as the authorization aspect came to be less manageable and wasn't a functional issue, it ceased being something that was addressed at all in joining the network. I think even before Weasel took over this job from Roger it had entirely moved to an issue of functionality rather than preserving anonymity that was being addressed by having registration. As scaling continued, whether for server reachability/functioning or for authorization of who could join what to the network, this moved beyond what Weasel or anyone could feasibly manage in this way.

We ultimately arrived at the current situation. The automation and usability of configuration continue to improve steadily (if much too slowly for the impatient). Managing who is in the network and/or their control of path endpoints is something that remains much trickier since the nature of the network is itself evolving. And what is theoretically justified, practical, and doesn't break some other aspect is itself very murky and the subject of ongoing research.

aloha,
Paul