- Directory guards are 85% of total current guard bandwidth. - Guards with ORPorts on 80/443 are 42% of total current guard bandwidth. - Guards on IPv6 are 20% of total current guard bandwidth. - Guards both on 80/443 and on IPv6 are 8% of total current guard bandwidth.
Useful info, thanks. This tells us it's very unlikely that someone will not have any dirguards, or dystopic guards or ipv6 guards. And if we make the sample set size large enough, something like 50 guards - we are very likely to have all capabilities.
With the above probabilities, everytime you sample a guard you have 20% probability for it to be an IPv6 guard. To get 4 of them, you will first need to sample a lot of guards (like 20 or so, but some binomial distribution magic is required to get the exact probabilities) and add them to your sampled guard set. I wonder if that's worth it.
Maybe, maybe not. I don't think the problem of sampling until we have enough to match the filter is a big problem actually.
Maybe if we have a single guard that satisfies our filters in our sampled guard list, we should use that guard instead of sampling for more? I don't exactly see value in sampling and exposing ourselves to additional guards if we have one that we like (and we might have even connected to in the past).
True, if we have one and that works - all fine with me. The problem is that IF that guard doesn't work, we have no fallback mechanism to sample more guards, so we will never correct for that circuit building.
Symmetrically, I'm also not sure what's the right thing to do if we have zero guards that satisfy our filters in our sampled guard set. Should we start sampling randomly till we hit a guard that satisfies us, or should we sample directly from the correct set (e.g. only from the set of IPv6 guards). I'm still not sure about this.
I'm much more in favor of sampling in general, rather than trying to hit the specific thing. If we sample in general, we will not skew the sampled set at least.
Cheers