diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-05-11 09:44:48 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-05-11 09:44:48 -0400 |
| commit | e889dbe264175e6d6d81208497f651307c1de9d4 (patch) | |
| tree | 98c89b45610b7cb99ac611ce0abda3c280a0442b /proposals/315-update-dir-required-fields.txt | |
| parent | 00d67ace14282f14812a86e6d1123a4f2ce690c3 (diff) | |
| download | torspec-e889dbe264175e6d6d81208497f651307c1de9d4.tar.gz torspec-e889dbe264175e6d6d81208497f651307c1de9d4.zip | |
prop315: update to describe bridges
We need to be a little more careful when making things required on
bridge descriptors, but only a little: the partitioning
opportunities aren't that bad.
Diffstat (limited to 'proposals/315-update-dir-required-fields.txt')
| -rw-r--r-- | proposals/315-update-dir-required-fields.txt | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/proposals/315-update-dir-required-fields.txt b/proposals/315-update-dir-required-fields.txt index 1ee2e54..c22536c 100644 --- a/proposals/315-update-dir-required-fields.txt +++ b/proposals/315-update-dir-required-fields.txt @@ -31,9 +31,9 @@ Status: Open 2. When fields should become required - We have three relevant kinds of directory documents: those - generated by relays, those generated by authorities, and those - generated by onion services. + We have four relevant kinds of directory documents: those + generated by public relays, those generated by bridges, those + generated by authorities, and those generated by onion services. Relays generate extrainfo documents and routerdesc documents. For these, we can safely make a field required when it is always @@ -46,6 +46,20 @@ Status: Open change the semantics so that the field is assumed to be present. Later we can remove the option.) + Bridge relays have their descriptors processed by clients + without necessarily passing through authorities. + We can make fields mandatory in bridge descriptors once we + can be confident that no bridge lacking them will actually + connect to the network-- or that all such bridges are safe + to stop using. + + For bridges, when a field becomes required, it will take some + time before all clients require that field. This would create a + partitioning opportunity, but partitioning at the first-hop + position is not so strong: the bridge already knows the client's + IP, which is a much better identifier than the client's Tor + version. + Authorities generate authority certificates, votes, consensus documents, and microdescriptors. For these, we can safely make a field required once all authorities are generating it, and we are |