Merge branch 'ticket211' into 'main'

Ticket211

See merge request tpo/core/torspec!168

10 files changed, 52 insertions, 32 deletions

diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 3cee3ae..ff6bf8b 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -185,7 +185,7 @@ Proposals by number:
 262  Re-keying live circuits with new cryptographic material [RESERVE]
 263  Request to change key exchange protocol for handshake v1.2 [OBSOLETE]
 264  Putting version numbers on the Tor subprotocols [CLOSED]
-265  Load Balancing with Overhead Parameters [ACCEPTED]
+265  Load Balancing with Overhead Parameters [OPEN]
 266  Removing current obsolete clients from the Tor network [SUPERSEDED]
 267  Tor Consensus Transparency [OPEN]
 268  New Guard Selection Behaviour [OBSOLETE]
@@ -211,7 +211,7 @@ Proposals by number:
 288  Privacy-Preserving Statistics with Privcount in Tor (Shamir version) [RESERVE]
 289  Authenticating sendme cells to mitigate bandwidth attacks [CLOSED]
 290  Continuously update consensus methods [META]
-291  The move to two guard nodes [NEEDS-REVISION]
+291  The move to two guard nodes [FINISHED]
 292  Mesh-based vanguards [ACCEPTED]
 293  Other ways for relays to know when to publish [CLOSED]
 294  TLS 1.3 Migration [DRAFT]
@@ -244,12 +244,12 @@ Proposals by number:
 321  Better performance and usability for the MyFamily option (v2) [ACCEPTED]
 322  Extending link specifiers to include the directory port [OPEN]
 323  Specification for Walking Onions [OPEN]
-324  RTT-based Congestion Control for Tor [OPEN]
+324  RTT-based Congestion Control for Tor [FINISHED]
 325  Packed relay cells: saving space on small commands [OBSOLETE]
 326  The "tor-relay" Well-Known Resource Identifier [OPEN]
-327  A First Take at PoW Over Introduction Circuits [DRAFT]
+327  A First Take at PoW Over Introduction Circuits [FINISHED]
 328  Make Relays Report When They Are Overloaded [CLOSED]
-329  Overcoming Tor's Bottlenecks with Traffic Splitting [NEEDS-REVISION]
+329  Overcoming Tor's Bottlenecks with Traffic Splitting [FINISHED]
 330  Modernizing authority contact entries [OPEN]
 331  Res tokens: Anonymous Credentials for Onion Service DoS Resilience [DRAFT]
 332  Ntor protocol with extra data, version 3 [FINISHED]
@@ -272,7 +272,6 @@ Proposals by status:
  DRAFT:
    294  TLS 1.3 Migration
    316  FlashFlow: A Secure Speed Test for Tor (Parent Proposal)
-   327  A First Take at PoW Over Introduction Circuits
    331  Res tokens: Anonymous Credentials for Onion Service DoS Resilience
    342  Decoupling hs_interval and SRV lifetime
  NEEDS-REVISION:
@@ -282,12 +281,11 @@ Proposals by status:
    248  Remove all RSA identity keys
    269  Transitionally secure hybrid handshakes
    279  A Name System API for Tor Onion Services
-   291  The move to two guard nodes
    317  Improve security aspects of DNS name resolution
-   329  Overcoming Tor's Bottlenecks with Traffic Splitting
  OPEN:
    239  Consensus Hash Chaining
    240  Early signing key revocation for directory authorities
+   265  Load Balancing with Overhead Parameters [for arti-dirauth]
    267  Tor Consensus Transparency
    277  Detect multiple relay instances running with same ID [for 0.3.??]
    287  Reduce circuit lifetime without overloading the network
@@ -297,7 +295,6 @@ Proposals by status:
    309  Optimistic SOCKS Data
    322  Extending link specifiers to include the directory port
    323  Specification for Walking Onions
-   324  RTT-based Congestion Control for Tor
    326  The "tor-relay" Well-Known Resource Identifier
    330  Modernizing authority contact entries
    340  Packed and fragmented relay messages
@@ -305,9 +302,8 @@ Proposals by status:
    343  CAA Extensions for the Tor Rendezvous Specification
    344  Prioritizing Protocol Information Leaks in Tor
  ACCEPTED:
-   265  Load Balancing with Overhead Parameters [for 0.2.9.x]
-   282  Remove "Named" and "Unnamed" handling from consensus voting [for 0.3.3.x]
-   285  Directory documents should be standardized as UTF-8
+   282  Remove "Named" and "Unnamed" handling from consensus voting [for arti-dirauth]
+   285  Directory documents should be standardized as UTF-8 [for arti-dirauth]
    292  Mesh-based vanguards
    301  Don't include package fingerprints in consensus documents
    311  Tor Relay IPv6 Reachability
@@ -324,6 +320,10 @@ Proposals by status:
    290  Continuously update consensus methods
  FINISHED:
    260  Rendezvous Single Onion Services [in 0.2.9.3-alpha]
+   291  The move to two guard nodes
+   324  RTT-based Congestion Control for Tor
+   327  A First Take at PoW Over Introduction Circuits
+   329  Overcoming Tor's Bottlenecks with Traffic Splitting
    332  Ntor protocol with extra data, version 3
    333  Vanguards lite [in 0.4.7.1-alpha]
  CLOSED:
diff --git a/proposals/265-load-balancing-with-overhead.txt b/proposals/265-load-balancing-with-overhead.txt
index e79d0a1..c6e6ba6 100644
--- a/proposals/265-load-balancing-with-overhead.txt
+++ b/proposals/265-load-balancing-with-overhead.txt
@@ -2,8 +2,27 @@ Filename: 265-load-balancing-with-overhead.txt
 Title: Load Balancing with Overhead Parameters
 Authors: Mike Perry
 Created: 01 January 2016
-Status: Accepted
-Target: 0.2.9.x
+Status: Open
+Target: arti-dirauth
+
+NOTE: This is one way to address several load balancing problems in Tor,
+including padding overhead and Exit+Guard issues. However, before attempting
+this, we should see if we can simplify the equations further by changing how
+we assign Guard, Fast and Stable flags in the first place. If we assign Guard
+flags such that Guards are properly allocated wrt Middle and Fast, and avoid
+assigning Guard to Exit, this will become simpler. Unfortunately, this is
+literally impossible to fix with C-Tor. In adition to numerous overrides and
+disparate safety checks that prevent changes, several bugs mean that Guard,
+Stable, and Fast flags are randomly assigned: See:
+  https://gitlab.torproject.org/tpo/core/tor/-/issues/40230
+  https://gitlab.torproject.org/tpo/core/tor/-/issues/40395
+  https://gitlab.torproject.org/tpo/core/tor/-/issues/19162
+  https://gitlab.torproject.org/tpo/core/tor/-/issues/40733
+  https://gitlab.torproject.org/tpo/network-health/analysis/-/issues/45
+  https://gitlab.torproject.org/tpo/core/torspec/-/issues/100
+  https://gitlab.torproject.org/tpo/core/torspec/-/issues/160
+  https://gitlab.torproject.org/tpo/core/torspec/-/issues/158
+
 
 
 0. Motivation
diff --git a/proposals/282-remove-named-from-consensus.txt b/proposals/282-remove-named-from-consensus.txt
index 7fc28f0..eeef519 100644
--- a/proposals/282-remove-named-from-consensus.txt
+++ b/proposals/282-remove-named-from-consensus.txt
@@ -3,7 +3,7 @@ Title: Remove "Named" and "Unnamed" handling from consensus voting
 Author: Nick Mathewson
 Created: 12-Sep-2017
 Status: Accepted
-Target: 0.3.3.x
+Target: arti-dirauth
 
 1. Summary
 
diff --git a/proposals/285-utf-8.txt b/proposals/285-utf-8.txt
index c393e46..cb7bab4 100644
--- a/proposals/285-utf-8.txt
+++ b/proposals/285-utf-8.txt
@@ -3,6 +3,8 @@ Title: Directory documents should be standardized as UTF-8
 Author: Nick Mathewson
 Created: 13 November 2017
 Status: Accepted
+Target: arti-dirauth
+Ticket: https://gitlab.torproject.org/tpo/core/tor/-/issues/40131
 
 1. Summary and motivation
 
diff --git a/proposals/291-two-guard-nodes.txt b/proposals/291-two-guard-nodes.txt
index a9554c6..56424cc 100644
--- a/proposals/291-two-guard-nodes.txt
+++ b/proposals/291-two-guard-nodes.txt
@@ -3,7 +3,7 @@ Title: The move to two guard nodes
 Author: Mike Perry
 Created: 2018-03-22
 Supersedes: Proposal 236
-Status: Needs-Revision
+Status: Finished
 
 0. Background
 
diff --git a/proposals/324-rtt-congestion-control.txt b/proposals/324-rtt-congestion-control.txt
index 582c54d..4235be8 100644
--- a/proposals/324-rtt-congestion-control.txt
+++ b/proposals/324-rtt-congestion-control.txt
@@ -2,7 +2,7 @@ Filename: 324-rtt-congestion-control.txt
 Title: RTT-based Congestion Control for Tor
 Author: Mike Perry
 Created: 02 July 2020
-Status: Open
+Status: Finished
 
 
 0. Motivation [MOTIVATION]
@@ -2148,7 +2148,7 @@ The client MUST reject an ntorv3 reply with field EXT_FIELD_TYPE=02, if the
 client did not include EXT_FIELD_TYPE=01 in its handshake.
 
 The client SHOULD reject a sendme_inc field value that differs from the
-current 'cc_sendme_inc' consensus parameter by more than a factor of 2, in
+current 'cc_sendme_inc' consensus parameter by more than +/- 1, in
 either direction.
 
 If a client rejects a handshake, it MUST close the circuit.
@@ -2159,8 +2159,7 @@ The pedantic reader will note that a rogue consensus can cause all clients
 to decide to close circuits by changing 'cc_sendme_inc' by a large margin.
 
 As a matter of policy, the directory authorities MUST NOT change
-'cc_sendme_inc' by more than a factor of two (2), within a four (4) hour
-window, for this reason.
+'cc_sendme_inc' by more than +/- 1.
 
 In Shadow simulation, the optimal 'cc_sendme_inc' value to be ~31 cells, or
 one (1) TLS record worth of cells. We do not expect to change this value
diff --git a/proposals/327-pow-over-intro.txt b/proposals/327-pow-over-intro.txt
index db17c06..bcaf6f3 100644
--- a/proposals/327-pow-over-intro.txt
+++ b/proposals/327-pow-over-intro.txt
@@ -2,7 +2,7 @@ Filename: 327-pow-over-intro.txt
 Title: A First Take at PoW Over Introduction Circuits
 Author: George Kadianakis, Mike Perry, David Goulet, tevador
 Created: 2 April 2020
-Status: Draft
+Status: Finished
 
 0. Abstract
 
diff --git a/proposals/329-traffic-splitting.txt b/proposals/329-traffic-splitting.txt
index 93655f0..2a24f1f 100644
--- a/proposals/329-traffic-splitting.txt
+++ b/proposals/329-traffic-splitting.txt
@@ -2,7 +2,7 @@ Filename: 329-traffic-splitting.txt
 Title: Overcoming Tor's Bottlenecks with Traffic Splitting
 Author: David Goulet, Mike Perry
 Created: 2020-11-25
-Status: Needs-Revision
+Status: Finished
 
 0. Status
 
diff --git a/proposals/BY_INDEX.md b/proposals/BY_INDEX.md
index 6a54205..c0ab2d8 100644
--- a/proposals/BY_INDEX.md
+++ b/proposals/BY_INDEX.md
@@ -182,7 +182,7 @@ Below are a list of proposals sorted by their proposal number.  See
 * [`262-rekey-circuits.txt`](/proposals/262-rekey-circuits.txt): Re-keying live circuits with new cryptographic material [RESERVE]
 * [`263-ntru-for-pq-handshake.txt`](/proposals/263-ntru-for-pq-handshake.txt): Request to change key exchange protocol for handshake v1.2 [OBSOLETE]
 * [`264-subprotocol-versions.txt`](/proposals/264-subprotocol-versions.txt): Putting version numbers on the Tor subprotocols [CLOSED]
-* [`265-load-balancing-with-overhead.txt`](/proposals/265-load-balancing-with-overhead.txt): Load Balancing with Overhead Parameters [ACCEPTED]
+* [`265-load-balancing-with-overhead.txt`](/proposals/265-load-balancing-with-overhead.txt): Load Balancing with Overhead Parameters [OPEN]
 * [`266-removing-current-obsolete-clients.txt`](/proposals/266-removing-current-obsolete-clients.txt): Removing current obsolete clients from the Tor network [SUPERSEDED]
 * [`267-tor-consensus-transparency.txt`](/proposals/267-tor-consensus-transparency.txt): Tor Consensus Transparency [OPEN]
 * [`268-guard-selection.txt`](/proposals/268-guard-selection.txt): New Guard Selection Behaviour [OBSOLETE]
@@ -208,7 +208,7 @@ Below are a list of proposals sorted by their proposal number.  See
 * [`288-privcount-with-shamir.txt`](/proposals/288-privcount-with-shamir.txt): Privacy-Preserving Statistics with Privcount in Tor (Shamir version) [RESERVE]
 * [`289-authenticated-sendmes.txt`](/proposals/289-authenticated-sendmes.txt): Authenticating sendme cells to mitigate bandwidth attacks [CLOSED]
 * [`290-deprecate-consensus-methods.txt`](/proposals/290-deprecate-consensus-methods.txt): Continuously update consensus methods [META]
-* [`291-two-guard-nodes.txt`](/proposals/291-two-guard-nodes.txt): The move to two guard nodes [NEEDS-REVISION]
+* [`291-two-guard-nodes.txt`](/proposals/291-two-guard-nodes.txt): The move to two guard nodes [FINISHED]
 * [`292-mesh-vanguards.txt`](/proposals/292-mesh-vanguards.txt): Mesh-based vanguards [ACCEPTED]
 * [`293-know-when-to-publish.txt`](/proposals/293-know-when-to-publish.txt): Other ways for relays to know when to publish [CLOSED]
 * [`294-tls-1.3.txt`](/proposals/294-tls-1.3.txt): TLS 1.3 Migration [DRAFT]
@@ -241,12 +241,12 @@ Below are a list of proposals sorted by their proposal number.  See
 * [`321-happy-families.md`](/proposals/321-happy-families.md): Better performance and usability for the MyFamily option (v2) [ACCEPTED]
 * [`322-dirport-linkspec.md`](/proposals/322-dirport-linkspec.md): Extending link specifiers to include the directory port [OPEN]
 * [`323-walking-onions-full.md`](/proposals/323-walking-onions-full.md): Specification for Walking Onions [OPEN]
-* [`324-rtt-congestion-control.txt`](/proposals/324-rtt-congestion-control.txt): RTT-based Congestion Control for Tor [OPEN]
+* [`324-rtt-congestion-control.txt`](/proposals/324-rtt-congestion-control.txt): RTT-based Congestion Control for Tor [FINISHED]
 * [`325-packed-relay-cells.md`](/proposals/325-packed-relay-cells.md): Packed relay cells: saving space on small commands [OBSOLETE]
 * [`326-tor-relay-well-known-uri-rfc8615.md`](/proposals/326-tor-relay-well-known-uri-rfc8615.md): The "tor-relay" Well-Known Resource Identifier [OPEN]
-* [`327-pow-over-intro.txt`](/proposals/327-pow-over-intro.txt): A First Take at PoW Over Introduction Circuits [DRAFT]
+* [`327-pow-over-intro.txt`](/proposals/327-pow-over-intro.txt): A First Take at PoW Over Introduction Circuits [FINISHED]
 * [`328-relay-overload-report.md`](/proposals/328-relay-overload-report.md): Make Relays Report When They Are Overloaded [CLOSED]
-* [`329-traffic-splitting.txt`](/proposals/329-traffic-splitting.txt): Overcoming Tor's Bottlenecks with Traffic Splitting [NEEDS-REVISION]
+* [`329-traffic-splitting.txt`](/proposals/329-traffic-splitting.txt): Overcoming Tor's Bottlenecks with Traffic Splitting [FINISHED]
 * [`330-authority-contact.md`](/proposals/330-authority-contact.md): Modernizing authority contact entries [OPEN]
 * [`331-res-tokens-for-anti-dos.md`](/proposals/331-res-tokens-for-anti-dos.md): Res tokens: Anonymous Credentials for Onion Service DoS Resilience [DRAFT]
 * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3 [FINISHED]
diff --git a/proposals/README.md b/proposals/README.md
index 1ae4f56..4503667 100644
--- a/proposals/README.md
+++ b/proposals/README.md
@@ -22,6 +22,7 @@ for discussion.
 
 * [`239-consensus-hash-chaining.txt`](/proposals/239-consensus-hash-chaining.txt): Consensus Hash Chaining
 * [`240-auth-cert-revocation.txt`](/proposals/240-auth-cert-revocation.txt): Early signing key revocation for directory authorities
+* [`265-load-balancing-with-overhead.txt`](/proposals/265-load-balancing-with-overhead.txt): Load Balancing with Overhead Parameters
 * [`267-tor-consensus-transparency.txt`](/proposals/267-tor-consensus-transparency.txt): Tor Consensus Transparency
 * [`277-detect-id-sharing.txt`](/proposals/277-detect-id-sharing.txt): Detect multiple relay instances running with same ID
 * [`287-reduce-lifetime.txt`](/proposals/287-reduce-lifetime.txt): Reduce circuit lifetime without overloading the network
@@ -31,7 +32,6 @@ for discussion.
 * [`309-optimistic-socks-in-tor.txt`](/proposals/309-optimistic-socks-in-tor.txt): Optimistic SOCKS Data
 * [`322-dirport-linkspec.md`](/proposals/322-dirport-linkspec.md): Extending link specifiers to include the directory port
 * [`323-walking-onions-full.md`](/proposals/323-walking-onions-full.md): Specification for Walking Onions
-* [`324-rtt-congestion-control.txt`](/proposals/324-rtt-congestion-control.txt): RTT-based Congestion Control for Tor
 * [`326-tor-relay-well-known-uri-rfc8615.md`](/proposals/326-tor-relay-well-known-uri-rfc8615.md): The "tor-relay" Well-Known Resource Identifier
 * [`330-authority-contact.md`](/proposals/330-authority-contact.md): Modernizing authority contact entries
 * [`340-packed-and-fragmented.md`](/proposals/340-packed-and-fragmented.md): Packed and fragmented relay messages
@@ -46,7 +46,6 @@ These are the proposals that we agree we'd like to implement.  They
 might or might not have a specific timeframe planned for their
 implementation.
 
-* [`265-load-balancing-with-overhead.txt`](/proposals/265-load-balancing-with-overhead.txt): Load Balancing with Overhead Parameters
 * [`282-remove-named-from-consensus.txt`](/proposals/282-remove-named-from-consensus.txt): Remove "Named" and "Unnamed" handling from consensus voting
 * [`285-utf-8.txt`](/proposals/285-utf-8.txt): Directory documents should be standardized as UTF-8
 * [`292-mesh-vanguards.txt`](/proposals/292-mesh-vanguards.txt): Mesh-based vanguards
@@ -65,6 +64,10 @@ These proposals are implemented in some version of Tor; the proposals
 themselves still need to be merged into the specifications proper.
 
 * [`260-rend-single-onion.txt`](/proposals/260-rend-single-onion.txt): Rendezvous Single Onion Services
+* [`291-two-guard-nodes.txt`](/proposals/291-two-guard-nodes.txt): The move to two guard nodes
+* [`324-rtt-congestion-control.txt`](/proposals/324-rtt-congestion-control.txt): RTT-based Congestion Control for Tor
+* [`327-pow-over-intro.txt`](/proposals/327-pow-over-intro.txt): A First Take at PoW Over Introduction Circuits
+* [`329-traffic-splitting.txt`](/proposals/329-traffic-splitting.txt): Overcoming Tor's Bottlenecks with Traffic Splitting
 * [`332-ntor-v3-with-extra-data.md`](/proposals/332-ntor-v3-with-extra-data.md): Ntor protocol with extra data, version 3
 * [`333-vanguards-lite.md`](/proposals/333-vanguards-lite.md): Vanguards lite
 
@@ -100,7 +103,6 @@ discussion.
 
 * [`294-tls-1.3.txt`](/proposals/294-tls-1.3.txt): TLS 1.3 Migration
 * [`316-flashflow.md`](/proposals/316-flashflow.md): FlashFlow: A Secure Speed Test for Tor (Parent Proposal)
-* [`327-pow-over-intro.txt`](/proposals/327-pow-over-intro.txt): A First Take at PoW Over Introduction Circuits
 * [`331-res-tokens-for-anti-dos.md`](/proposals/331-res-tokens-for-anti-dos.md): Res tokens: Anonymous Credentials for Onion Service DoS Resilience
 * [`342-decouple-hs-interval.md`](/proposals/342-decouple-hs-interval.md): Decoupling hs_interval and SRV lifetime
 
@@ -116,9 +118,7 @@ certain changes.
 * [`248-removing-rsa-identities.txt`](/proposals/248-removing-rsa-identities.txt): Remove all RSA identity keys
 * [`269-hybrid-handshake.txt`](/proposals/269-hybrid-handshake.txt): Transitionally secure hybrid handshakes
 * [`279-naming-layer-api.txt`](/proposals/279-naming-layer-api.txt): A Name System API for Tor Onion Services
-* [`291-two-guard-nodes.txt`](/proposals/291-two-guard-nodes.txt): The move to two guard nodes
 * [`317-secure-dns-name-resolution.txt`](/proposals/317-secure-dns-name-resolution.txt): Improve security aspects of DNS name resolution
-* [`329-traffic-splitting.txt`](/proposals/329-traffic-splitting.txt): Overcoming Tor's Bottlenecks with Traffic Splitting
 
 
 ## NEEDS-RESEARCH proposals: blocking on research