commit ecd41d465a5239a82e06ff88e4c03c2cbc99f2ec Author: Nick Mathewson nickm@torproject.org Date: Fri Oct 8 10:22:53 2021 -0400
Proposal 335: alternative implementation for MiddleOnly. --- proposals/000-index.txt | 2 + proposals/335-middle-only-redux.md | 77 ++++++++++++++++++++++++++++++++++++++ proposals/BY_INDEX.md | 1 + proposals/README.md | 1 + 4 files changed, 81 insertions(+)
diff --git a/proposals/000-index.txt b/proposals/000-index.txt index cb9a9fa..af0c8b1 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -255,6 +255,7 @@ Proposals by number: 332 Ntor protocol with extra data, version 3 [OPEN] 333 Vanguards lite [DRAFT] 334 A Directory Authority Flag To Mark Relays As Middle-only [OPEN] +335 An authority-only design for MiddleOnly [OPEN]
Proposals by status: @@ -300,6 +301,7 @@ Proposals by status: 330 Modernizing authority contact entries 332 Ntor protocol with extra data, version 3 334 A Directory Authority Flag To Mark Relays As Middle-only + 335 An authority-only design for MiddleOnly ACCEPTED: 265 Load Balancing with Overhead Parameters [for 0.2.9.x] 275 Stop including meaningful "published" time in microdescriptor consensus [for 0.3.1.x-alpha] diff --git a/proposals/335-middle-only-redux.md b/proposals/335-middle-only-redux.md new file mode 100644 index 0000000..19e6c1b --- /dev/null +++ b/proposals/335-middle-only-redux.md @@ -0,0 +1,77 @@ +``` +Filename: 335-middle-only-redux.md +Title: An authority-only design for MiddleOnly +Author: Nick Mathewson +Created: 2021-10-08 +Status: Open +``` + +# Introduction + +This proposal describes an alternative design for a `MiddleOnly` +flag. Instead of making changes at the client level, it adds a +little increased complexity at the directory authority's voting +process. In return for that complexity, this design will work +without additional changes required from Tor clients. + +For additional motivation and discussion see proposal 334 by Neel +Chauhan, and the related discussions on tor-dev. + +# Protocol changes + +## Generating votes + +When voting for a relay with the `MiddleOnly` flag, an authority +should set all flags indicating that a relay is unusable for a +particular purpose, and against all flags indicating that the relay +is usable for a particular position. + +These flags SHOULD be set in a vote whenever `MiddleOnly` is +present, and only when the authority is configured to vote on the +`BadExit` flag. + + * `BadExit` + +These flags SHOULD be cleared in a vote whenever `MiddleOnly` is +present. + + * `Exit` + * `Guard` + * `HSDir` + * `V2Dir` + +## Computing a consensus + +This proposal will introduce a new consensus method (probably 32). +Whenever computing a consensus using that consensus method or later, +authorities post-process the set of flags that appear in the +consensus after flag voting takes place, by applying the same rule +as above. + +That is, with this consensus method, the authorities first compute +the presence or absence of each flag on each relay as usual. Then, +if the `MiddleOnly` flag is present, the authorities set `BadExit`, +and clear `Exit`, `Guard`, `HSDir`, and `V2Dir`. + +# Configuring authorities + +We'll need a means for configuring which relays will receive this +flag. For now, we'll just reuse the same mechanism as +`AuthDirReject` and `AuthDirBadExit`: a set of torrc configuration +lines listing relays by address. We'll call this +`AuthDirMiddleOnly`. + +We'll also add an `AuthDirListsMiddleOnly` option to turn on or off +voting on this option at all. + +# Notes on safety and migration + +Under this design, the MiddleOnly option becomes useful immediately, +since authorities that use it will stop voting for certain +additional options for MiddleOnly relays without waiting for the +other authorities. + +We don't need to worry about a single authority setting MiddleOnly +unilaterally for all relays, since the MiddleOnly flag will have no +special effect until most authorities have upgraded to the new +consensus method. diff --git a/proposals/BY_INDEX.md b/proposals/BY_INDEX.md index 9fa8a78..5e07863 100644 --- a/proposals/BY_INDEX.md +++ b/proposals/BY_INDEX.md @@ -252,4 +252,5 @@ Below are a list of proposals sorted by their proposal number. See * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3 [OPEN] * [`333-vanguards-lite.md`](/proposals/333-vanguards-lite.md): Vanguards lite [DRAFT] * [`334-middle-only-flag.txt`](/proposals/334-middle-only-flag.txt): A Directory Authority Flag To Mark Relays As Middle-only [OPEN] +* [`335-middle-only-redux.md`](/proposals/335-middle-only-redux.md): An authority-only design for MiddleOnly [OPEN]
diff --git a/proposals/README.md b/proposals/README.md index 3e3645a..49968f8 100644 --- a/proposals/README.md +++ b/proposals/README.md @@ -42,6 +42,7 @@ for discussion. * [`330-authority-contact.md`](/proposals/330-authority-contact.md): Modernizing authority contact entries * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3 * [`334-middle-only-flag.txt`](/proposals/334-middle-only-flag.txt): A Directory Authority Flag To Mark Relays As Middle-only +* [`335-middle-only-redux.md`](/proposals/335-middle-only-redux.md): An authority-only design for MiddleOnly
## ACCEPTED proposals: slated for implementation