[tor-commits] [torspec/master] prop315: update to describe bridges

nickm at torproject.org nickm at torproject.org
Mon May 11 13:45:34 UTC 2020 

commit e889dbe264175e6d6d81208497f651307c1de9d4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon May 11 09:44:48 2020 -0400

    prop315: update to describe bridges
    
    We need to be a little more careful when making things required on
    bridge descriptors, but only a little: the partitioning
    opportunities aren't that bad.
---
 proposals/315-update-dir-required-fields.txt | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/proposals/315-update-dir-required-fields.txt b/proposals/315-update-dir-required-fields.txt
index 1ee2e54..c22536c 100644
--- a/proposals/315-update-dir-required-fields.txt
+++ b/proposals/315-update-dir-required-fields.txt
@@ -31,9 +31,9 @@ Status: Open
 
 2. When fields should become required
 
-   We have three relevant kinds of directory documents: those
-   generated by relays, those generated by authorities, and those
-   generated by onion services.
+   We have four relevant kinds of directory documents: those
+   generated by public relays, those generated by bridges, those
+   generated by authorities, and those generated by onion services.
 
    Relays generate extrainfo documents and routerdesc documents.
    For these, we can safely make a field required when it is always
@@ -46,6 +46,20 @@ Status: Open
    change the semantics so that the field is assumed to be
    present. Later we can remove the option.)
 
+   Bridge relays have their descriptors processed by clients
+   without necessarily passing through authorities.
+   We can make fields mandatory in bridge descriptors once we
+   can be confident that no bridge lacking them will actually
+   connect to the network-- or that all such bridges are safe
+   to stop using.
+
+   For bridges, when a field becomes required, it will take some
+   time before all clients require that field.  This would create a
+   partitioning opportunity, but partitioning at the first-hop
+   position is not so strong: the bridge already knows the client's
+   IP, which is a much better identifier than the client's Tor
+   version.
+
    Authorities generate authority certificates, votes, consensus
    documents, and microdescriptors.  For these, we can safely make a
    field required once all authorities are generating it, and we are

More information about the tor-commits mailing list