[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Review of Proposal 215: Let the minimum consensus method change with time (was: Tor proposal status (December 2013))



On 12/17/13 10:31 PM, Nick Mathewson wrote:
> 215  Let the minimum consensus method change with time
> 
>      This proposal describes how we can raise the minimum
>      allowable consensus method that all authorities must
>      support, since the ancient "consensus method 1" would not
>      actually be viable to keep the Tor network running.  We
>      should do this; see ticket #10163. (11/2013)

Hi Nick,

I'm probably missing something important here, but I don't know what.

Right now, if a directory authority learns from the votes that more than
2/3 of authorities support a consensus method higher that it can support
itself, it falls back to consensus method 1.  That authority then
produces a consensus that won't have enough signatures for any client to
use it, so it's useless.

The proposal suggests that this authority produces a consensus using a
higher method than 1, but still lower than what the other authorities
are going to produce.  But this consensus will still not contain enough
signatures.

What's the point?

The last paragraph in the proposal makes most sense to me:

> We might want to have the behavior when we see that everybody else
> will be using a method we don't support be "Don't make a consensus
> at all."  That's harder to program, though.

Can you say why this solution is harder to program?  It seems like the
cleaner design.

But even if it's too difficult to program (or would likely add new
bugs), why not keep the fall-back-to-method-1 workaround?  Does it cause
any harm?

There are probably edge cases I didn't consider.  I wonder which ones
that are.

All the best,
Karsten

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev