Filename: 272-valid-and-running-by-default.txt
Title: Listed routers should be Valid, Running, and treated as such
Created: 26 Aug 2016
Author: Nick Mathewson
Status: Closed
Implemented-In: 0.2.9.3-alpha, 0.2.9.4-alpha
1. Introduction and proposal.
This proposal describes a change in how clients understand consensus
flags, and how authorities vote on consensuses.
1.1. Authority-side changes
Back in proposal 138, we made it so that non-Running routers were not
included in the consensus documents. We should do the same with the
Valid flag. Specifically, after voting, if the authorities find that
a router would not receive the Valid flag, they should not include it
at all.
This will require the allocation of a new consensus method, since it
is a change in how consensuses are made from votes.
In the most recent consensus, it will affect exactly 1 router.
1.2. Client-side changes
I propose that clients should consider every listed router to be
listed as Running and Valid if any consensus method above or higher
is in use.
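
The two rules in 1.1 and 1.2, sketched as an added example; this is not code from the proposal or from Tor. GATE_METHOD is a placeholder because the proposal text does not give the new consensus method number, and the sample consensus fragment, function names and relay names are constructed for illustration.

```python
# Added illustration of sections 1.1 and 1.2; not Tor's implementation.
IMPLIED = frozenset({"Running", "Valid"})
GATE_METHOD = 100  # placeholder: the proposal does not give the new method number

# Constructed sample consensus fragment (documentation addresses, fake digests).
SAMPLE = """\
consensus-method 100
r relayA AAAA BBBB 2016-08-26 00:00:00 192.0.2.1 9001 0
s Fast Stable
r relayB CCCC DDDD 2016-08-26 00:00:00 192.0.2.2 9001 0
s Exit Running Valid
"""

def parse_consensus(text):
    """Return (consensus_method, {nickname: flags}) from 'consensus-method', 'r' and 's' lines."""
    method, routers, current = 1, {}, None  # no method line: treated as oldest (assumption)
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "consensus-method" and len(parts) > 1:
            method = int(parts[1])
        elif parts[0] == "r" and len(parts) > 1:
            current = parts[1]
            routers[current] = set()
        elif parts[0] == "s" and current is not None:
            routers[current] = set(parts[1:])
    return method, routers

def authority_listing(voted, method, gate=GATE_METHOD):
    """Section 1.1: Running is always required (proposal 138); Valid too from the gate method on."""
    required = IMPLIED if method >= gate else {"Running"}
    return {name: flags for name, flags in voted.items() if required <= flags}

def client_flags(text, gate=GATE_METHOD):
    """Section 1.2: at the gate method or higher, every listed router counts as Running and Valid."""
    method, routers = parse_consensus(text)
    if method >= gate:
        return {name: flags | IMPLIED for name, flags in routers.items()}
    return routers

if __name__ == "__main__":
    for name, flags in sorted(client_flags(SAMPLE).items()):
        print(name, " ".join(sorted(flags)))
```

In the sample, relayA carries neither flag on its "s" line, yet a client applying the 1.2 rule still treats it as Running and Valid because the consensus method is at the gate.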
2. Benefits
Removing the notion of listed but invalid routers will remove an
opportunity for error, and let us remove some client-side code.
More interestingly, the above changes would allow us to eventually
stop including the Running and Valid flags, thereby providing an
authority-side way to feature-gate clients off of the Tor network
without a fast-zombie problem. (See proposal 266 for discussion.)
A. An additional possible change
Perhaps authorities might also treat BadExit like they treat the
absence of Valid and Running: as sufficient reason to not include a
router in the consensus. Right now, there are only 4 listed BadExit
routers in the consensus, amounting to a small fraction of total
bandwidth.
Making this change would allow us to remove the client-side badexit
logic.
B. Does this solve the zombie problem?
I tested it a little, and it does seem to be a way to make even the
most ancient consensus-understanding Tors stop fetching descriptors
and using the network. More testing needed though.