[tor-bugs] #20509 [Core Tor/Tor]: Directory authorities should take away Guard flag from relays with #20499 bug

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 1 06:25:35 UTC 2016 

#20509: Directory authorities should take away Guard flag from relays with #20499
bug
--------------------------+---------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------

Comment (by arma):

 My current theory is that the bug went in at git commit 09a0f2d0b24, which
 went into Tor 0.2.9.2-alpha. So relays running 0.2.9.1-alpha-dev through
 0.2.9.4-alpha-dev, and also 0.3.0.0-alpha-dev, are affected.

 Option 1 is that we get a new 0.2.9.x out pretty soon, and then contact
 the big relay operators that are running affected versions and get them to
 update. Then we AuthDirReject the ones that have the Guard flag and don't
 update, and periodically we check the network for broken relays (via
 #20501) and contact them / reject them too.

 Option 2 is that we change the directory authority code to withhold a
 Guard vote for all relays running the affected versions. And then get
 enough authorities to update that we can affect Guard assignment. This
 option seems better in theory, I don't have a good handle on what versions
 the dir auths like to run, so I don't know how tricky this one will be in
 practice.

 Option 3 is that we do both -- option 1 at first while trying to do option
 2. That's more work, which is usually stupid, but maybe if option 2 is a
 long way out, we'll need it.

 Did I miss any options? :)

 Oh, I'll also notice that "0.3.0.0-alpha-dev is affected" is a sad phrase,
 since it means we can't distinguish people running newer versions until
 we've made an 0.3.0 release. Unless I'm wrong?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20509#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list