Proposal 147: Eliminate the need for v2 directories in generating v3 directories
Nick Mathewson
nickm at freehaven.net
Wed Jul 2 19:18:50 UTC 2008
Filename: 147-prevoting-opinions.txt
Title: Eliminate the need for v2 directories in generating v3 directories
Version: $Revision: 15607 $
Last-Modified: $Date: 2008-07-02 15:17:51 -0400 (Wed, 02 Jul 2008) $
Author: Nick Mathewson
Created: 2-Jul-2008
Status: Open
Overview
We propose a new v3 vote document type to replace the role of v2
networkstatus information in generating v3 consensuses.
Motivation
When authorities vote on which descriptors are to be listed in the
next consensus, it helps if they all know about the same descriptors
as one another. But a hostile, confused, or out-of-date server may
upload a descriptor to only some authorities. In the current v3
directory design, the authorities don't have a good way to tell one
another about the new descriptor until they exchange votes... but by
the time this happens, they are already committed to their votes,
and they can't add anybody they learn about from other authorities
until the next voting cycle. That's no good!
The current Tor implementation avoids this problem by having
authorities also look at v2 networkstatus documents, but we'd like
in the long term to eliminate these, once 0.1.2.x is obsolete.
Design:
We add a new value for vote-status in v3 consensus documents in
addition to "consensus" and "vote": "opinion". Authorities generate
and sign an opinion document as if they were generating a vote,
except that they send it to one another earlier than they send
votes.
Authorities don't need to generate more than one opinion document
per voting interval, but may. They should send it to the other
authorities they know about, at the regular vote upload URL, before
the authorities begin voting, so that enough time remains for the
authorities to fetch new descriptors.
Upon receiving an opinion document, authorities scan it for any
descriptors that:
- They might accept.
- Are for routers they don't know about, or are published more
recently than any descriptor they have for that router.
Authorities then begin downloading such descriptors from authorities
that claim to have them.
Authorities MAY cache opinion documents, but don't need to.
More information about the tor-dev
mailing list