commit 429dd3ab775f2b493c8cf3c9eb4d1f3456520379 Author: David Goulet dgoulet@torproject.org Date: Wed Jan 29 16:58:57 2020 -0500
dir-spec: Vote should be refused after upload period
Spec change for ticket #4631.
Signed-off-by: David Goulet dgoulet@torproject.org --- dir-spec.txt | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/dir-spec.txt b/dir-spec.txt index 1a7a1cd..a5f7460 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -320,7 +320,21 @@ VA-DistSeconds-VoteSeconds: The authorities exchange votes.
VA-DistSeconds-VoteSeconds/2: The authorities try to download any - votes they don't have. + votes they don't have. Furthermore, they stopped accepting vote posted to + them. + + Note: The reason why the vote should be refused is to minimize the + chance of a consensus split if the authorities are under bandwidth + pressure. If an authority is struggling to upload its vote and finally + does it on a fraction of authorities after this period, they will + compute a consensus different from the others. By refusing the vote + after this period, we increase our chances that everyone will use the + same vote set. + + It does not fix the problem entirely because the problem also exists if + N authorities are able to fetch a specific vote but M authorities fail + to do so. However, it is an improvement towards making sure each + authority has the same set of votes.
VA-DistSeconds: The authorities calculate the consensus and exchange signatures.