[tor-commits] [torspec/main] Proposal 335: alternative implementation for MiddleOnly.

nickm at torproject.org nickm at torproject.org
Fri Oct 8 14:22:58 UTC 2021 

commit ecd41d465a5239a82e06ff88e4c03c2cbc99f2ec
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Oct 8 10:22:53 2021 -0400

    Proposal 335: alternative implementation for MiddleOnly.
---
 proposals/000-index.txt            |  2 +
 proposals/335-middle-only-redux.md | 77 ++++++++++++++++++++++++++++++++++++++
 proposals/BY_INDEX.md              |  1 +
 proposals/README.md                |  1 +
 4 files changed, 81 insertions(+)

diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index cb9a9fa..af0c8b1 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -255,6 +255,7 @@ Proposals by number:
 332  Ntor protocol with extra data, version 3 [OPEN]
 333  Vanguards lite [DRAFT]
 334  A Directory Authority Flag To Mark Relays As Middle-only [OPEN]
+335  An authority-only design for MiddleOnly [OPEN]
 
 
 Proposals by status:
@@ -300,6 +301,7 @@ Proposals by status:
    330  Modernizing authority contact entries
    332  Ntor protocol with extra data, version 3
    334  A Directory Authority Flag To Mark Relays As Middle-only
+   335  An authority-only design for MiddleOnly
  ACCEPTED:
    265  Load Balancing with Overhead Parameters [for 0.2.9.x]
    275  Stop including meaningful "published" time in microdescriptor consensus [for 0.3.1.x-alpha]
diff --git a/proposals/335-middle-only-redux.md b/proposals/335-middle-only-redux.md
new file mode 100644
index 0000000..19e6c1b
--- /dev/null
+++ b/proposals/335-middle-only-redux.md
@@ -0,0 +1,77 @@
+```
+Filename: 335-middle-only-redux.md
+Title: An authority-only design for MiddleOnly
+Author: Nick Mathewson
+Created: 2021-10-08
+Status: Open
+```
+
+# Introduction
+
+This proposal describes an alternative design for a `MiddleOnly`
+flag.  Instead of making changes at the client level, it adds a
+little increased complexity at the directory authority's voting
+process.  In return for that complexity, this design will work
+without additional changes required from Tor clients.
+
+For additional motivation and discussion see proposal 334 by Neel
+Chauhan, and the related discussions on tor-dev.
+
+# Protocol changes
+
+## Generating votes
+
+When voting for a relay with the `MiddleOnly` flag, an authority
+should set all flags indicating that a relay is unusable for a
+particular purpose, and against all flags indicating that the relay
+is usable for a particular position.
+
+These flags SHOULD be set in a vote whenever `MiddleOnly` is
+present, and only when the authority is configured to vote on the
+`BadExit` flag.
+
+  * `BadExit`
+
+These flags SHOULD be cleared in a vote whenever `MiddleOnly` is
+present.
+
+  * `Exit`
+  * `Guard`
+  * `HSDir`
+  * `V2Dir`
+
+## Computing a consensus
+
+This proposal will introduce a new consensus method (probably 32).
+Whenever computing a consensus using that consensus method or later,
+authorities post-process the set of flags that appear in the
+consensus after flag voting takes place, by applying the same rule
+as above.
+
+That is, with this consensus method, the authorities first compute
+the presence or absence of each flag on each relay as usual.  Then,
+if the `MiddleOnly` flag is present, the authorities set `BadExit`,
+and clear `Exit`, `Guard`, `HSDir`, and `V2Dir`.
+
+# Configuring authorities
+
+We'll need a means for configuring which relays will receive this
+flag.  For now, we'll just reuse the same mechanism as
+`AuthDirReject` and `AuthDirBadExit`: a set of torrc configuration
+lines listing relays by address.  We'll call this
+`AuthDirMiddleOnly`.
+
+We'll also add an `AuthDirListsMiddleOnly` option to turn on or off
+voting on this option at all.
+
+# Notes on safety and migration
+
+Under this design, the MiddleOnly option becomes useful immediately,
+since authorities that use it will stop voting for certain
+additional options for MiddleOnly relays without waiting for the
+other authorities.
+
+We don't need to worry about a single authority setting MiddleOnly
+unilaterally for all relays, since the MiddleOnly flag will have no
+special effect until most authorities have upgraded to the new
+consensus method.
diff --git a/proposals/BY_INDEX.md b/proposals/BY_INDEX.md
index 9fa8a78..5e07863 100644
--- a/proposals/BY_INDEX.md
+++ b/proposals/BY_INDEX.md
@@ -252,4 +252,5 @@ Below are a list of proposals sorted by their proposal number.  See
 * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3 [OPEN]
 * [`333-vanguards-lite.md`](/proposals/333-vanguards-lite.md): Vanguards lite [DRAFT]
 * [`334-middle-only-flag.txt`](/proposals/334-middle-only-flag.txt): A Directory Authority Flag To Mark Relays As Middle-only [OPEN]
+* [`335-middle-only-redux.md`](/proposals/335-middle-only-redux.md): An authority-only design for MiddleOnly [OPEN]
 
diff --git a/proposals/README.md b/proposals/README.md
index 3e3645a..49968f8 100644
--- a/proposals/README.md
+++ b/proposals/README.md
@@ -42,6 +42,7 @@ for discussion.
 * [`330-authority-contact.md`](/proposals/330-authority-contact.md): Modernizing authority contact entries
 * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3
 * [`334-middle-only-flag.txt`](/proposals/334-middle-only-flag.txt): A Directory Authority Flag To Mark Relays As Middle-only
+* [`335-middle-only-redux.md`](/proposals/335-middle-only-redux.md): An authority-only design for MiddleOnly
 
 
 ## ACCEPTED proposals: slated for implementation

More information about the tor-commits mailing list