[tor-dev] Review of Proposal 212, Increase Acceptable Consensus Age (was: Tor proposal status (December 2013))

Nick Mathewson nickm at alum.mit.edu
Mon Jan 6 17:45:11 UTC 2014


On Fri, Dec 20, 2013 at 12:54 PM, Karsten Loesing
<karsten at torproject.org> wrote:
> On 12/17/13 10:31 PM, Nick Mathewson wrote:
>> 212  Increase Acceptable Consensus Age
>>
>>      This proposal suggests that we increase the maximum age of a
>>      consensus that clients are willing to use when they can't
>>      find a new one, in order to make the network robust for
>>      longer against a failure to reach consensus.  In my
>>      opinion, we should do that.  If I recall correctly, there
>>      was some tor-dev discussion on this one that should get
>>      incorporated into a final, implementable version. (11/2013)
>
> Hi Nick,
>
> I agree with the idea that clients should accept an old consensus up to
> 3 days instead of 1.  It's stressful enough to nag directory authority
> operators to look after their machines if they fail to produce a
> consensus for a few hours.  I did that a couple of times, and it
> stressed me out every single time.  I don't want to imagine how bad such
> a situation would be during the holidays or CCC.
>
> You mention a tor-dev discussion above that should get incorporated.  Do
> you have a link?  A quick search in my inbox didn't help.

I'm afraid I can't find it either.  "Some time in 2012" would be my
guess. I think I was thinking of the discussion on #7986.

> Here's some feedback from reading the proposal:
>
> - Section 6.1 of dir-spec.txt says that "Circuits SHOULD NOT be built
> until the client has [...] a live consensus network status", but that
> means 3 hours after valid-after, AFAIK.  Should we rather specify here
> that clients MAY use a consensus for up to 3 days after its valid-after
> time if they don't find a more recent one?  Or is this something to
> leave to the implementation and leave open in dir-spec.txt?

I think it should go into dir-spec.txt once this proposal is done.

Alternatively, we could increase the valid-until interval and have the
valid-until time be 3 days after valid-after.  That seems like a
cleaner solution to me. I wonder why we didn't spec it like that.
Perhaps a more careful reading of the proposal or of #7986 will tell
me why...

> - If the new 3 days constant should become part of dir-spec.txt, what
> about the suggested time after which old router descriptors may safely
> be removed from caches?  (Would you accept patches to dir-spec.txt that
> specify related time constants that are currently only written to the code?)

Sure.

> - Do we really plan to raise the 3 days to something higher when the
> "proposals related to ticket #7126 [...] are complete and implemented"?
>  If so, would it make sense to make the 3 days constant a new consensus
> parameter, rather than hard-code it?

Possibly.

peace,
-- 
Nick

