[tor-bugs] #12598 [Tor]: Increase rotation period of guard nodes
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 6 15:08:55 UTC 2015
#12598: Increase rotation period of guard nodes
-----------------------+-----------------------------------------------
Reporter: asn | Owner: asn
Type: task | Status: assigned
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-guard, 026-triaged-1 unfrozen
Actual Points: | Parent ID: #11480
Points: |
-----------------------+-----------------------------------------------
Comment (by asn):
OK, here is a rough deployment plan:
1. We merge #9321 to little-t-tor. This allows dirauths to publish
consensuses with guardfraction info, and it also allows clients to
understand them and tweak their path selection appropriately.
2. We deploy guardfraction script to all the authorities we can find. We
give them some time to populate their consensus database, etc.
3. We get authorities to run a version of Tor with the #9321 code. They
enable the feature so that consensuses get produced with GuardFraction
items. Old clients ignore those items, upgraded clients ignore them too
because the `UseGuardFraction` is still turned off.
4. Now we Tor developers can test the guardfraction code on the real
network. We can manually turn on `UseGuardFraction` in our torrc, and
check the logs to see if the new probabilities make sense. After this
phase we should have a reasonable assurance that the code works.
5. Now it's time to turn the feature on for all upgraded clients. We can
do this with 3 months of guard lifetime, or we can first up the guard
lifetime to 9 months. It's useful in both cases.
We should decide whether we should do this final step when the #9321 code
is in stable or in alpha. I think that alpha is fine, but this means that
not all clients will switch to the new path selection logic immediately.
This is not optimal because
[https://gitweb.torproject.org/torspec.git/tree/proposals/236-single-
guard-node.txt#n136 proposal 238 also updates the total bandwidth weights]
(`G, M, E, D`) according to guardfraction information, which basically
assumes that all clients upgrade at the same time. In our case, this is
probably not going to be true, which means that the `Middle` weight and
the `Exit` weight will get overestimated, since they are going to drain
some of the `Guard+Middle` weight and the `Guard+Exit` weight. From my
discussion with Nick Hopper during the past dev meeting, we decided that
the network should be able to handle this, and the situation will improve
as more clients update. We maybe should think more about this.
Finally, I'm not sure if we need an alternative name for `GuardLifetime`
so that only upgraded clients switch to the new rotation period. I don't
think this is necessary since it's OK also for old clients to switch to
the new rotation period, ''as long as there are enough upgraded clients
out there'' doing the guardfraction path selection so that they fill the
''guard traffic gap''.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12598#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list