[tor-commits] [torspec/master] dir-spec: Edit uploaded vote rejection spec

nickm at torproject.org nickm at torproject.org
Thu Feb 20 13:19:26 UTC 2020 

commit a3006814874f18efd9bcabd4733e0811eca445b5
Author: teor <teor at torproject.org>
Date:   Tue Feb 18 13:00:49 2020 +1000

    dir-spec: Edit uploaded vote rejection spec
    
    Be more specific: clearly distinguish between uploaded and downloaded
    votes.
    
    Add the Tor version that introduces this behaviour.
    
    Spec for ticket 4631.
---
 dir-spec.txt | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/dir-spec.txt b/dir-spec.txt
index a5f7460..1e91070 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -317,24 +317,28 @@
 
    The timeline for a given consensus is as follows:
 
-   VA-DistSeconds-VoteSeconds: The authorities exchange votes.
+   VA-DistSeconds-VoteSeconds: The authorities exchange votes. Each authority
+   uploads their vote to all other authorities.
 
    VA-DistSeconds-VoteSeconds/2: The authorities try to download any
-   votes they don't have. Furthermore, they stopped accepting vote posted to
-   them.
-
-      Note: The reason why the vote should be refused is to minimize the
-      chance of a consensus split if the authorities are under bandwidth
-      pressure. If an authority is struggling to upload its vote and finally
-      does it on a fraction of authorities after this period, they will
-      compute a consensus different from the others. By refusing the vote
-      after this period, we increase our chances that everyone will use the
-      same vote set.
-
-      It does not fix the problem entirely because the problem also exists if
-      N authorities are able to fetch a specific vote but M authorities fail
-      to do so. However, it is an improvement towards making sure each
-      authority has the same set of votes.
+   votes they don't have.
+
+   Authorities SHOULD also reject any votes that other authorities try to
+   upload after this time. (0.4.4.1-alpha was the first version to reject votes
+   in this way.)
+
+      Note: Refusing late uploaded votes minimises the chance of a consensus
+      split, particular when authorities are under bandwidth pressure. If an
+      authority is struggling to upload its vote, and finally uploads to a
+      fraction of authorities after this period, they will compute a consensus
+      different from the others. By refusing uploaded votes after this time,
+      we increase the likelihood that most authorities will use the same vote
+      set.
+
+      Rejecting late uploaded votes does not fix the problem entirely. If
+      some authorities are able to download a specific vote, but others fail
+      to do so, then there may still be a consensus split. However, this
+      change does remove one common cause of consensus splits.
 
    VA-DistSeconds: The authorities calculate the consensus and exchange
    signatures.

More information about the tor-commits mailing list