diff options
author | David Goulet <dgoulet@torproject.org> | 2023-07-12 12:19:19 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2023-07-12 12:19:19 +0000 |
commit | 7bddec184e3b977601fe4ef3685bc1cbff3b356b (patch) | |
tree | 8c31fc06fb034ec6ed52279105173b36376441f3 | |
parent | 1f5d4691f0d4bdd4082ad2405216ed4c89a04caa (diff) | |
parent | 6fdb77acb381b020ddc617636c65f242f442417e (diff) | |
download | torspec-7bddec184e3b977601fe4ef3685bc1cbff3b356b.tar.gz torspec-7bddec184e3b977601fe4ef3685bc1cbff3b356b.zip |
Merge branch 'bug40805' into 'main'
explain implementation details from #40805 fix
See merge request tpo/core/torspec!151
-rw-r--r-- | proposals/333-vanguards-lite.md | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/proposals/333-vanguards-lite.md b/proposals/333-vanguards-lite.md index 5e62b03..8c1ccb9 100644 --- a/proposals/333-vanguards-lite.md +++ b/proposals/333-vanguards-lite.md @@ -46,14 +46,14 @@ Implemented-In: 0.4.7.1-alpha Service intro: C -> G -> L2 -> M -> Intro Service hsdir: C -> G -> L2 -> M -> HSDir -# 3. Rotation Period Analysis +# 2. Rotation Period Analysis From the table in Section 3.1 of Proposal 292, with NUM_LAYER2_GUARDS=4 it can be seen that this means that the Sybil attack on Layer2 will complete with 50% chance in 18*7 days (126 days) for the 1% adversary, 4*7 days (one month) for the 5% adversary, and 2*7 days (two weeks) for the 10% adversary. -# 4. Tradeoffs from Proposal 292 +# 3. Tradeoffs from Proposal 292 This proposal has several advantages over Proposal 292: @@ -69,7 +69,25 @@ Implemented-In: 0.4.7.1-alpha protected, and this proposal might provide those services with a false sense of security. Such services should still use the vanguards addon [VANGUARDS_REF]. -# 4. References +# 4. Implementation nuances + + Tor replaces an L2 vanguard whenever it is no longer listed in the most + recent consensus, with the goal that we will always have the right + number of vanguards ready to be used. + + For implementation reasons, we also replace a vanguard if it loses + the Fast or Stable flag, because the path selection logic wants middle + nodes to have those flags when it's building preemptive vanguard-using + circuits. + + The design doesn't have to be this way: we might instead have chosen + to keep vanguards in our list as long as possible, and continue to use + them even if they have lost some flags. This tradeoff is similar to + the one in https://bugs.torproject.org/17773 about whether to continue + using Entry Guards if they lose the Guard flag -- and Tor's current + choice is "no, rotate" for that case too. + +# 5. References [PROP292_REF]: https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/292-mesh-vanguards.txt [VANGUARDS_REF]: https://github.com/mikeperry-tor/vanguards |