[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/master] Reject proposal 134
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed, 27 May 2009 14:33:44 -0400
Subject: Reject proposal 134
Commit: e86ad6b7fb49a497fa75b79bc15d004b02ebd371
---
doc/spec/proposals/000-index.txt | 5 +++--
doc/spec/proposals/134-robust-voting.txt | 22 ++++++++++++++++++++--
doc/spec/proposals/reindex.py | 2 +-
3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/doc/spec/proposals/000-index.txt b/doc/spec/proposals/000-index.txt
index 26622e8..b2907e0 100644
--- a/doc/spec/proposals/000-index.txt
+++ b/doc/spec/proposals/000-index.txt
@@ -54,7 +54,7 @@ Proposals by number:
131 Help users to verify they are using Tor [NEEDS-REVISION]
132 A Tor Web Service For Verifying Correct Browser Configuration [DRAFT]
133 Incorporate Unreachable ORs into the Tor Network [DRAFT]
-134 More robust consensus voting with diverse authority sets [ACCEPTED]
+134 More robust consensus voting with diverse authority sets [REJECTED]
135 Simplify Configuration of Private Tor Networks [CLOSED]
136 Mass authority migration with legacy keys [CLOSED]
137 Keep controllers informed as Tor bootstraps [CLOSED]
@@ -115,7 +115,6 @@ Proposals by status:
110 Avoiding infinite length circuits [for 0.2.1.x] [in 0.2.1.3-alpha]
117 IPv6 exits [for 0.2.1.x]
118 Advertising multiple ORPorts at once [for 0.2.1.x]
- 134 More robust consensus voting with diverse authority sets [for 0.2.2.x]
140 Provide diffs between consensuses [for 0.2.2.x]
147 Eliminate the need for v2 directories in generating v3 directories [for 0.2.1.x]
157 Make certificate downloads specific [for 0.2.1.x]
@@ -167,3 +166,5 @@ Proposals by status:
120 Shutdown descriptors when Tor servers stop
128 Families of private bridges
142 Combine Introduction and Rendezvous Points
+ REJECTED:
+ 134 More robust consensus voting with diverse authority sets
diff --git a/doc/spec/proposals/134-robust-voting.txt b/doc/spec/proposals/134-robust-voting.txt
index 5d5e77f..c5dfb3b 100644
--- a/doc/spec/proposals/134-robust-voting.txt
+++ b/doc/spec/proposals/134-robust-voting.txt
@@ -2,8 +2,10 @@ Filename: 134-robust-voting.txt
Title: More robust consensus voting with diverse authority sets
Author: Peter Palfrader
Created: 2008-04-01
-Status: Accepted
-Target: 0.2.2.x
+Status: Rejected
+
+History:
+ 2009 May 27: Added note on rejecting this proposal -- Nick
Overview:
@@ -103,3 +105,19 @@ Possible Attacks/Open Issues/Some thinking required:
Q: Can this ever force us to build a consensus with authorities we do not
recognize?
A: No, we can never build a fully connected set with them in step 3.
+
+------------------------------
+
+I'm rejecting this proposal as insecure.
+
+Suppose that we have a clique of size N, and M hostile members in the
+clique. If these hostile members stop declaring trust for up to M-1
+good members of the clique, the clique with the hostile members will
+in it will be larger than the one without them.
+
+The M hostile members will constitute a majority of this new clique
+when M > (N-(M-1)) / 2, or when M > (N + 1) / 3. This breaks our
+requirement that an adversary must compromise a majority of authorities
+in order to control the consensus.
+
+-- Nick
diff --git a/doc/spec/proposals/reindex.py b/doc/spec/proposals/reindex.py
index 2b4c025..980bc06 100755
--- a/doc/spec/proposals/reindex.py
+++ b/doc/spec/proposals/reindex.py
@@ -4,7 +4,7 @@ import re, os
class Error(Exception): pass
STATUSES = """DRAFT NEEDS-REVISION NEEDS-RESEARCH OPEN ACCEPTED META FINISHED
- CLOSED SUPERSEDED DEAD""".split()
+ CLOSED SUPERSEDED DEAD REJECTED""".split()
REQUIRED_FIELDS = [ "Filename", "Status", "Title" ]
CONDITIONAL_FIELDS = { "OPEN" : [ "Target" ],
"ACCEPTED" : [ "Target "],
--
1.5.6.5