On 21 Aug 2015, at 04:36, s7r s7r@sky-ip.org wrote:
If we merge introduction points with HSDirs, we have no option but to use the same introduction points, regardless how many INTRODUCE2 cells we get through them, until the new shared-RNG consensus value (24 hours normally, in case nothing bad happens which makes us failback to disaster protocol for shared-RNG where we use the previous known one). So if we adopt this, the IPs will have a fixed lifetime of 24 hours, no less or no more (unless disaster).
On protocol failure, the latest edition of the shared-random proposal has the authorities generate a different, predictable value every 24 hours, based on the most recent successful shared-random value.
This is a mitigation which requires an adversary to occupy new points on the hash ring each day, even in a disaster scenario where those points are predictable slightly further in advance.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7