On 6 Dec. 2016, at 10:32, David Goulet <dgoulet@ev0ke.net> wrote:
On 06 Dec (10:09:57), teor wrote:
...
Here's a suggested strategy: * at load time, validate the HS options as if v2 is the default, and validate them as if v3 is the default, and fail if either validation fails. * then, act on the HS options as if v2 is the default, and also act as if v3 is the default, and fail if either action fails. (We need to do this because we don't discover some option issues until runtime, such as whether the directory can be created.) * then, when each consensus is downloaded, publish whichever descriptor is the default in the consensus (if the HS config does not specify a specific version).
This is a reasonable way to proceed considering we use a consensus param to know which version of default HS to create. I see this as more of an engineering problem that can be solved.
Which what I would like us to decide on if we think that consensus param controlling the default version is a good idea or not. If we think yes, we can pull it off, if not everything is simpler :).
So just to be clear, I'm behind you on the concern of making sure we validate the options on launch instead of failing at consensus download. There are ways we can address that like you outlined above.
Yes, I think it is possible, and a better outcome than baking a protocol default into the first release we want to use it in. As long as you are willing to put in the extra dev and test effort! T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------