author teor <teor@torproject.org> 2020-02-18 13:00:49 +1000
committer Nick Mathewson <nickm@torproject.org> 2020-02-20 08:19:12 -0500
commit a3006814874f18efd9bcabd4733e0811eca445b5
tree ac4f03ef10bfc0e00646040f241d2355c11c3b29 /dir-spec.txt
parent 429dd3ab775f2b493c8cf3c9eb4d1f3456520379
dir-spec: Edit uploaded vote rejection spec
Be more specific: clearly distinguish between uploaded and downloaded votes. Add the Tor version that introduces this behaviour. Spec for ticket 4631.
Diffstat (limited to 'dir-spec.txt')
-rw-r--r-- dir-spec.txt 36
1 files changed, 20 insertions, 16 deletions
diff --git a/dir-spec.txt b/dir-spec.txt
index a5f7460..1e91070 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -317,24 +317,28 @@
The timeline for a given consensus is as follows:
- VA-DistSeconds-VoteSeconds: The authorities exchange votes.
+ VA-DistSeconds-VoteSeconds: The authorities exchange votes. Each authority
+ uploads their vote to all other authorities.
VA-DistSeconds-VoteSeconds/2: The authorities try to download any
- votes they don't have. Furthermore, they stopped accepting vote posted to
- them.
-
- Note: The reason why the vote should be refused is to minimize the
- chance of a consensus split if the authorities are under bandwidth
- pressure. If an authority is struggling to upload its vote and finally
- does it on a fraction of authorities after this period, they will
- compute a consensus different from the others. By refusing the vote
- after this period, we increase our chances that everyone will use the
- same vote set.
-
- It does not fix the problem entirely because the problem also exists if
- N authorities are able to fetch a specific vote but M authorities fail
- to do so. However, it is an improvement towards making sure each
- authority has the same set of votes.
+ votes they don't have.
+
+ Authorities SHOULD also reject any votes that other authorities try to
+ upload after this time. (0.4.4.1-alpha was the first version to reject votes
+ in this way.)
+
+ Note: Refusing late uploaded votes minimises the chance of a consensus
+ split, particular when authorities are under bandwidth pressure. If an
+ authority is struggling to upload its vote, and finally uploads to a
+ fraction of authorities after this period, they will compute a consensus
+ different from the others. By refusing uploaded votes after this time,
+ we increase the likelihood that most authorities will use the same vote
+ set.
+
+ Rejecting late uploaded votes does not fix the problem entirely. If
+ some authorities are able to download a specific vote, but others fail
+ to do so, then there may still be a consensus split. However, this
+ change does remove one common cause of consensus splits.
VA-DistSeconds: The authorities calculate the consensus and exchange
signatures.
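Review bot: In the added Note, "particular when authorities are under bandwidth pressure" should read "particularly when". The new text also alternates between "after this time" (the SHOULD paragraph and the end of the Note) and "after this period" (the middle of the Note); since the cutoff being specified is the VA-DistSeconds-VoteSeconds/2 mark, naming that point explicitly in the SHOULD sentence would remove any doubt about which deadline applies. Because rejection is only a SHOULD and, per the parenthetical, starts with 0.4.4.1-alpha, consider saying in the second Note paragraph that authorities running earlier versions still accept late uploads, which is another way the vote sets can differ.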