Filename: 334-middle-only-flag.txt
Title: A dirauth flag to mark Relays as Middle-only
Author: Neel Chauhan
Created: 2021-09-07
Status: open

1. Introduction

  The Health Team often deals with a large number of relays with an incorrect
  configuration (e.g. not all relays in MyFamily), or needs validation that
  requires contacting the relay operator. It is desirable to put the said
  relays in a less powerful position, such as a middle and rendezvous only
  flag that prevents a relay from being say an entry guard or an exit. [1]

2. The MiddleOnly Flag

  We propose a consensus flag MiddleOnly.

  What this flag does is that a relay must only be in a a middle or
  rendezvous point should a relay have this flag. This is to prevent issues
  with a misconfigured relay as described in Section 1 (Introduction) while
  the Health  Team assesses the risk with the relay.

3. Implementation details

  The MiddleOnly flag can be assigned to relays whose IP addresses are
  configured at the directory authority level, similar to how the BadExit flag
  currently works. In short, if a relay's IP is designated as middle-only, it
  must assign the MiddleOnly flag, otherwise

  Relays which haven't gotten the Guard or Exit flags yet but have IP addresses
  that aren't designated as middle-only in the dirauths must not get the
  MiddleOnly flag. This is to allow new entry guards and exit relays to enter
  the Tor network, while giving relay administrators flexibility to increase
  and reduce bandwidth, or switch between exit and non-exit relays.

  Clients should interpret the MiddleOnly flag while parsing relay descriptors
  to determine whether a relay is to be avoided as an entry guard or exit. If
  a client parses the MiddleOnly flag, it must not use MiddleOnly-designated
  relays as entry guards or exit relays.

3. Citations

  [1] - https://gitlab.torproject.org/tpo/core/tor/-/issues/40448