diff options
author | Nick Mathewson <nickm@torproject.org> | 2009-05-27 14:33:44 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2009-05-27 14:33:44 -0400 |
commit | de4280ca65168cd3c480b4c4dfef9950ca5a6218 (patch) | |
tree | 0fc5a6338aa0d27edab45bfaf2c7b90167aa6c76 | |
parent | dcc540eff75371033c662644caab0e7bf2270922 (diff) | |
download | torspec-de4280ca65168cd3c480b4c4dfef9950ca5a6218.tar.gz torspec-de4280ca65168cd3c480b4c4dfef9950ca5a6218.zip |
Reject proposal 134
-rw-r--r-- | proposals/000-index.txt | 5 | ||||
-rw-r--r-- | proposals/134-robust-voting.txt | 22 | ||||
-rwxr-xr-x | proposals/reindex.py | 2 |
3 files changed, 24 insertions, 5 deletions
diff --git a/proposals/000-index.txt b/proposals/000-index.txt index 26622e8..b2907e0 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -54,7 +54,7 @@ Proposals by number: 131 Help users to verify they are using Tor [NEEDS-REVISION] 132 A Tor Web Service For Verifying Correct Browser Configuration [DRAFT] 133 Incorporate Unreachable ORs into the Tor Network [DRAFT] -134 More robust consensus voting with diverse authority sets [ACCEPTED] +134 More robust consensus voting with diverse authority sets [REJECTED] 135 Simplify Configuration of Private Tor Networks [CLOSED] 136 Mass authority migration with legacy keys [CLOSED] 137 Keep controllers informed as Tor bootstraps [CLOSED] @@ -115,7 +115,6 @@ Proposals by status: 110 Avoiding infinite length circuits [for 0.2.1.x] [in 0.2.1.3-alpha] 117 IPv6 exits [for 0.2.1.x] 118 Advertising multiple ORPorts at once [for 0.2.1.x] - 134 More robust consensus voting with diverse authority sets [for 0.2.2.x] 140 Provide diffs between consensuses [for 0.2.2.x] 147 Eliminate the need for v2 directories in generating v3 directories [for 0.2.1.x] 157 Make certificate downloads specific [for 0.2.1.x] @@ -167,3 +166,5 @@ Proposals by status: 120 Shutdown descriptors when Tor servers stop 128 Families of private bridges 142 Combine Introduction and Rendezvous Points + REJECTED: + 134 More robust consensus voting with diverse authority sets diff --git a/proposals/134-robust-voting.txt b/proposals/134-robust-voting.txt index 5d5e77f..c5dfb3b 100644 --- a/proposals/134-robust-voting.txt +++ b/proposals/134-robust-voting.txt @@ -2,8 +2,10 @@ Filename: 134-robust-voting.txt Title: More robust consensus voting with diverse authority sets Author: Peter Palfrader Created: 2008-04-01 -Status: Accepted -Target: 0.2.2.x +Status: Rejected + +History: + 2009 May 27: Added note on rejecting this proposal -- Nick Overview: @@ -103,3 +105,19 @@ Possible Attacks/Open Issues/Some thinking required: Q: Can this ever force us to build a consensus with authorities we do not recognize? A: No, we can never build a fully connected set with them in step 3. + +------------------------------ + +I'm rejecting this proposal as insecure. + +Suppose that we have a clique of size N, and M hostile members in the +clique. If these hostile members stop declaring trust for up to M-1 +good members of the clique, the clique with the hostile members will +in it will be larger than the one without them. + +The M hostile members will constitute a majority of this new clique +when M > (N-(M-1)) / 2, or when M > (N + 1) / 3. This breaks our +requirement that an adversary must compromise a majority of authorities +in order to control the consensus. + +-- Nick diff --git a/proposals/reindex.py b/proposals/reindex.py index 2b4c025..980bc06 100755 --- a/proposals/reindex.py +++ b/proposals/reindex.py @@ -4,7 +4,7 @@ import re, os class Error(Exception): pass STATUSES = """DRAFT NEEDS-REVISION NEEDS-RESEARCH OPEN ACCEPTED META FINISHED - CLOSED SUPERSEDED DEAD""".split() + CLOSED SUPERSEDED DEAD REJECTED""".split() REQUIRED_FIELDS = [ "Filename", "Status", "Title" ] CONDITIONAL_FIELDS = { "OPEN" : [ "Target" ], "ACCEPTED" : [ "Target "], |