[torspec/master] add prop303 for making protovers required - tor-commits

21 May 2019

commit f171ccb1d7041faa3026041a6964faad5ba96760
Author: Nick Mathewson nickm@torproject.org
Date:   Tue May 21 11:12:54 2019 -0400
add prop303 for making protovers required
---
 proposals/303-protover-removal-policy.txt | 62 +++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/proposals/303-protover-removal-policy.txt b/proposals/303-protover-removal-policy.txt
new file mode 100644
index 0000000..f6f30a8
--- /dev/null
+++ b/proposals/303-protover-removal-policy.txt
@@ -0,0 +1,62 @@
+Filename: 303-protover-removal-policy.txt
+Title: When and how to remove support for protocol versions
+Author: Nick Mathewson
+Created: 21 May 2019
+Status: Draft
+
+1. Background
+
+   With proposal 264, added support for "subprotocol versions" -- a
+   means to declare which features are required for participation in the
+   Tor network.  We also created a mechanism (refined later in proposal
+   297) for telling Tor clients and relays that they cannot participate
+   effectively in the Tor network, and they need to shut down.
+
+   In this document, we describe a policy according to which these
+   decisions should be made in practice.
+
+2. Recommending features (for clients and relays)
+
+   A subprotocol version SHOULD become recommended soon after all
+   release series that did not provide it become unsupported (within a
+   month or so).
+
+   For example, the current oldest LTS release series is 0.2.9; when it
+   becomes unsupported in 2020, the oldest supported release series will
+   be 0.3.5.  Suppose that 0.2.9 supports a subprotocol Cupcake=1, and
+   that all stable 0.3.5.x versions support Cupcake=1-3.  Around one
+   month after the end of 0.2.9 support, Cupcake=3 should become a
+   _recommended_ protocol for clients and relays.
+
+   Additionally, a feature can become _recommended_ because of security
+   reasons.  If we believe that it is a terrible idea to run an old
+   protocol, we can make it _recommended_ for relays or clients or both.
+   We should not do this lightly, since it will be annoying.
+
+3. Requiring features (for relays)
+
+   We regularly update the directory authorities to require relays to
+   run certain versions of Tor or later.  We generally do this after a
+   short outreach campaign to get as many relays as possible to upgrade.
+
+   We MAY make a feature required for relays one month after every
+   version without it is obsolete and unsupported, though it is better
+   to wait three months if possible.
+
+   We SHOULD make a feature required for relays within 12 months after
+   every version without it is obsolete and unsupported.
+
+4. Requiring features (for clients)
+
+   Clients take the longest time to update, and are often the least able
+   to fetch upgrades. Because of this, we should be very careful about
+   making subprotocol versions required on clients, and should only do
+   so for fairly compelling reasons.
+
+   We SHOULD NOT make a feature required for clients until it has been
+   _recommended_ for clients for at first 9 months.
+
+   We SHOULD make a feature required for clients if it has been
+   _recommended_ for clients for at least 18 months.
+
+

    