Convert text specifications to mdbook.

author: Nick Mathewson <nickm@torproject.org> 2023-10-12 12:27:58 -0400
committer: Nick Mathewson <nickm@torproject.org> 2023-10-12 12:27:58 -0400
commit: f7e5a95ee96d8ef52c1732d066c1249a6f84391e (patch)
tree: 2e1ddd85f471143518d0df7c7645d066d43bc149 /spec/path-spec/handling-failure.md
parent: e4e0d93d56ee8c1aec4c2efaa7046b651f0fe55c (diff)
download: torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.tar.gz
torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/path-spec/handling-failure.md b/spec/path-spec/handling-failure.md
new file mode 100644
index 0000000..d7bb80f
--- /dev/null
+++ b/spec/path-spec/handling-failure.md
@@ -0,0 +1,17 @@
+<a id="path-spec.txt-2.5"></a>
+## Handling failure
+
+If an attempt to extend a circuit fails (either because the first create
+failed or a subsequent extend failed) then the circuit is torn down and is
+no longer pending.  (XXXX really?)  Requests that might have been
+supported by the pending circuit thus become unsupported, and a new
+circuit needs to be constructed.
+
+If a stream "begin" attempt fails with an EXITPOLICY error, we
+decide that the exit node's exit policy is not correctly advertised,
+so we treat the exit node as if it were a non-exit until we retrieve
+a fresh descriptor for it.
+
+Excessive amounts of either type of failure can indicate an
+attack on anonymity. See section 7 for how excessive failure is handled.
+
author	Nick Mathewson <nickm@torproject.org>	2023-10-12 12:27:58 -0400
committer	Nick Mathewson <nickm@torproject.org>	2023-10-12 12:27:58 -0400
commit	f7e5a95ee96d8ef52c1732d066c1249a6f84391e (patch)
tree	2e1ddd85f471143518d0df7c7645d066d43bc149 /spec/path-spec/handling-failure.md
parent	e4e0d93d56ee8c1aec4c2efaa7046b651f0fe55c (diff)
download	torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.tar.gz torspec-f7e5a95ee96d8ef52c1732d066c1249a6f84391e.zip