[tor-dev] Review of Proposal 165: Easy migration for voting authority sets (was: Tor proposal status (December 2013))

Karsten Loesing karsten at torproject.org
Sun Dec 22 15:27:47 UTC 2013

On 12/17/13 10:31 PM, Nick Mathewson wrote:
> 165  Easy migration for voting authority sets
>      This is a design for how to change the set of authorities without
>      having a flag day where the authority operators all reconfigure
>      their authorities at once.  It needs more discussion.  One
>      difficulty here is that we aren't talking much about changing the
>      set of authorities, but that may be a chicken-and-egg issue, since
>      changing the set is so onerous.
>      If anybody is interested, it would be great to move the discussion
>      ahead here. (5/2011)

Hi Nick,

(just in case you're wondering, I'm going through all proposals in your
list that have to do with the directory protocol and try to review them)

Proposal 165 looks like a fine idea, and the algorithm looks plausible
to me.  I'd say let's do it!

So, what discussion would you want to see here?  Are you hoping for some
kind of "proof" that the suggested algorithm cannot break under certain
assumptions?  I don't know how to write one.  But this could be a fine
question for a grad student or researcher.  For example, a few days ago
we have been asked for research questions for small doctoral projects,
and this could be a fine topic.

Or did you expect to hear from current and prospective authority
operators?  As a former authority operator I can say that I'd really
have appreciated a two-phase process where everyone first configures a
second voting set and then removes the first voting set.

Or were you hoping for somebody to implement the proposal?  Doesn't seem
terribly difficult, so maybe we'd find somebody if we created a Trac
ticket for it.

Here's some feedback, though nothing really important:

- Branch prop165tweaks in my public torspec repository has a few tweaks.

- You say in "Migration issues" that we should keep track somewhere
which Tor client versions recognized which authorities.  Would it be
sufficient to write a little shell script that searches the git history
of config.c for changes to trusted authorities and prints out which tags
first contained those commits.

Let me know if I can help with anything here.

All the best,

More information about the tor-dev mailing list