[tor-dev] Proposal 272: Listed routers should be Valid, Running, and treated as such

Nick Mathewson nickm at torproject.org
Fri Aug 26 17:49:01 UTC 2016 

Filename: 272-valid-and-running-by-default.txt
Title: Listed routers should be Valid, Running, and treated as such
Created: 26 Aug 2016
Author: Nick Mathewson
Status: Open

1. Introduction and proposal.

   This proposal describes a change in how clients understand consensus
   flags, and how authorities vote on consensuses.

1.1. Authority-side changes

   Back in proposal 138, we made it so that non-Running routers were not
   included in the consensus documents. We should do the same with the
   Valid flag.  Specifically, after voting, if the authorities find that
   a router would not receive the Valid flag, they should not include it
   at all.

   This will require the allocation of a new consensus method, since it
   is a change in how consensuses are made from votes.

   In the most recent consensus, it will affect exactly 1 router.

1.2. Client-side changes

   I propose that clients should consider every listed router to be
   listed as Running and Valid if any consensus method above or higher
   is in use.

2. Benefits

   Removing the notion of listed but invalid routers will remove an
   opportunity for error, and let us remove some client side code.

   More interestingly, the above changes would allow us to eventually
   stop including the Running and Valid flags, thereby providing an
   authority-side way to feature-gate clients off of the Tor network
   without a fast-zombie problem. (See proposal 266 for discussion.)


A. An additional possible change

   Perhaps authorities might also treat BadExit like they treat the
   absence of Valid and Running: as sufficient reason to not include a
   router in the consensus.  Right now, there are only 4 listed BadExit
   routers in the consensus, amounting to a small fraction of total
   bandwidth.

   Making this change would allow us to remove the client-side badexit
   logic.


B. Does this solve the zombie problem?

   I tested it a little, and it does seem to be a way to make even the
   most ancient consensus-understanding Tors stop fetching descriptors
   and using the network. More testing needed though.

More information about the tor-dev mailing list