[tor-commits] [torspec/master] Add a proposal for a better way to do 266
nickm at torproject.org
nickm at torproject.org
Fri Aug 26 17:48:29 UTC 2016
commit 68177157137e97359511cdf86675af2df3a3628c
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Aug 26 13:48:26 2016 -0400
Add a proposal for a better way to do 266
---
proposals/000-index.txt | 2 +
proposals/272-valid-and-running-by-default.txt | 59 ++++++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 41aec3d..d0376cd 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -192,6 +192,7 @@ Proposals by number:
269 Transitionally secure hybrid handshakes [DRAFT]
270 RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope [DRAFT]
271 Another algorithm for guard selection [OPEN]
+272 Listed routers should be Valid, Running, and treated as such [OPEN]
Proposals by status:
@@ -251,6 +252,7 @@ Proposals by status:
262 Re-keying live circuits with new cryptographic material
264 Putting version numbers on the Tor subprotocols
271 Another algorithm for guard selection
+ 272 Listed routers should be Valid, Running, and treated as such
ACCEPTED:
140 Provide diffs between consensuses
172 GETINFO controller option for circuit information
diff --git a/proposals/272-valid-and-running-by-default.txt b/proposals/272-valid-and-running-by-default.txt
new file mode 100644
index 0000000..7e14b6b
--- /dev/null
+++ b/proposals/272-valid-and-running-by-default.txt
@@ -0,0 +1,59 @@
+Filename: 272-valid-and-running-by-default.txt
+Title: Listed routers should be Valid, Running, and treated as such
+Created: 26 Aug 2016
+Author: Nick Mathewson
+Status: Open
+
+1. Introduction and proposal.
+
+ This proposal describes a change in how clients understand consensus
+ flags, and how authorities vote on consensuses.
+
+1.1. Authority-side changes
+
+ Back in proposal 138, we made it so that non-Running routers were not
+ included in the consensus documents. We should do the same with the
+ Valid flag. Specifically, after voting, if the authorities find that
+ a router would not receive the Valid flag, they should not include it
+ at all.
+
+ This will require the allocation of a new consensus method, since it
+ is a change in how consensuses are made from votes.
+
+ In the most recent consensus, it will affect exactly 1 router.
+
+1.2. Client-side changes
+
+ I propose that clients should consider every listed router to be
+ listed as Running and Valid if any consensus method above or higher
+ is in use.
+
+2. Benefits
+
+ Removing the notion of listed but invalid routers will remove an
+ opportunity for error, and let us remove some client side code.
+
+ More interestingly, the above changes would allow us to eventually
+ stop including the Running and Valid flags, thereby providing an
+ authority-side way to feature-gate clients off of the Tor network
+ without a fast-zombie problem. (See proposal 266 for discussion.)
+
+
+A. An additional possible change
+
+ Perhaps authorities might also treat BadExit like they treat the
+ absence of Valid and Running: as sufficient reason to not include a
+ router in the consensus. Right now, there are only 4 listed BadExit
+ routers in the consensus, amounting to a small fraction of total
+ bandwidth.
+
+ Making this change would allow us to remove the client-side badexit
+ logic.
+
+
+B. Does this solve the zombie problem?
+
+ I tested it a little, and it does seem to be a way to make even the
+ most ancient consensus-understanding Tors stop fetching descriptors
+ and using the network. More testing needed though.
+
More information about the tor-commits
mailing list