[tor-dev] prop224: What should we do with torrc options?

teor teor2345 at gmail.com
Mon Dec 5 23:43:03 UTC 2016

> On 6 Dec. 2016, at 10:32, David Goulet <dgoulet at ev0ke.net> wrote:
> On 06 Dec (10:09:57), teor wrote:
>>> ...
>> Here's a suggested strategy:
>> * at load time, validate the HS options as if v2 is the default, and
>>  validate them as if v3 is the default, and fail if either validation
>>  fails.
>> * then, act on the HS options as if v2 is the default, and also act as
>>  if v3 is the default, and fail if either action fails.
>>  (We need to do this because we don't discover some option issues
>>  until runtime, such as whether the directory can be created.)
>> * then, when each consensus is downloaded, publish whichever descriptor
>>  is the default in the consensus (if the HS config does not specify
>>  a specific version).
> This is a reasonable way to proceed considering we use a consensus param to
> know which version of default HS to create. I see this as more of an
> engineering problem that can be solved.
> Which what I would like us to decide on if we think that consensus param
> controlling the default version is a good idea or not. If we think yes, we can
> pull it off, if not everything is simpler :).
> So just to be clear, I'm behind you on the concern of making sure we validate
> the options on launch instead of failing at consensus download. There are ways
> we can address that like you outlined above.

Yes, I think it is possible, and a better outcome than baking a protocol
default into the first release we want to use it in.

As long as you are willing to put in the extra dev and test effort!


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

More information about the tor-dev mailing list