[tor-dev] Review of Proposal 212, Increase Acceptable Consensus Age (was: Tor proposal status (December 2013))
Nick Mathewson
nickm at alum.mit.edu
Mon Jan 6 17:45:11 UTC 2014
On Fri, Dec 20, 2013 at 12:54 PM, Karsten Loesing
<karsten at torproject.org> wrote:
> On 12/17/13 10:31 PM, Nick Mathewson wrote:
>> 212 Increase Acceptable Consensus Age
>>
>> This proposal suggests that we increase the maximum age of a
>> consensus that clients are willing to use when they can't
>> find a new one, in order to make the network robust for
>> longer against a failure to reach consensus. In my
>> opinion, we should do that. If I recall correctly, there
>> was some tor-dev discussion on this one that should get
>> incorporated into a final, implementable version. (11/2013)
>
> Hi Nick,
>
> I agree with the idea that clients should accept an old consensus up to
> 3 days instead of 1. It's stressful enough to nag directory authority
> operators to look after their machines if they fail to produce a
> consensus for a few hours. I did that a couple of times, and it
> stressed me out every single time. I don't want to imagine how bad such
> a situation would be during the holidays or CCC.
>
> You mention a tor-dev discussion above that should get incorporated. Do
> you have a link? A quick search in my inbox didn't help.
I'm afraid I can't find it either. "Some time in 2012" would be my
guess. I think I was thinking of the discussion on #7986 .
> Here's some feedback from reading the proposal:
>
> - Section 6.1 of dir-spec.txt says that "Circuits SHOULD NOT be built
> until the client has [...] a live consensus network status", but that
> means 3 hours after valid-after, AFAIK. Should we rather specify here
> that clients MAY use a consensus for up to 3 days after its valid-after
> time if they don't find a more recent one? Or is this something to
> leave to the implementation and leave open in dir-spec.txt?
I think it should go into dir-spec.txt once this proposal is done.
Alternatively, we could increase the valid-until interval and have the
valid-until time be 3 days after valid-after. That seems like a
cleaner solution to me. I wonder why we didn't spec it like that.
Perhaps a more careful reading of the proposal or of #7986 will tell
me why...
> - If the new 3 days constant should become part of dir-spec.txt, what
> about the suggested time after which old router descriptors may safely
> be removed from caches? (Would you accept patches to dir-spec.txt that
> specify related time constants that are currently only written to the code?)
Sure.
> - Do we really plan to raise the 3 days to something higher when the
> "proposals related to ticket #7126 [...] are complete and implemented"?
> If so, would it make sense to make the 3 days constant a new consensus
> parameter, rather than hard-code it?
Possibly.
peace,
--
Nick
More information about the tor-dev
mailing list