aboutsummaryrefslogtreecommitdiff
path: root/dir-spec.txt
diff options
context:
space:
mode:
Diffstat (limited to 'dir-spec.txt')
-rw-r--r--dir-spec.txt24
1 files changed, 21 insertions, 3 deletions
diff --git a/dir-spec.txt b/dir-spec.txt
index 1a7a1cd..d10e4c3 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -317,11 +317,29 @@
The timeline for a given consensus is as follows:
- VA-DistSeconds-VoteSeconds: The authorities exchange votes.
+ VA-DistSeconds-VoteSeconds: The authorities exchange votes. Each authority
+ uploads their vote to all other authorities.
VA-DistSeconds-VoteSeconds/2: The authorities try to download any
votes they don't have.
+ Authorities SHOULD also reject any votes that other authorities try to
+ upload after this time. (0.4.4.1-alpha was the first version to reject votes
+ in this way.)
+
+ Note: Refusing late uploaded votes minimises the chance of a consensus
+ split, particular when authorities are under bandwidth pressure. If an
+ authority is struggling to upload its vote, and finally uploads to a
+ fraction of authorities after this period, they will compute a consensus
+ different from the others. By refusing uploaded votes after this time,
+ we increase the likelihood that most authorities will use the same vote
+ set.
+
+ Rejecting late uploaded votes does not fix the problem entirely. If
+ some authorities are able to download a specific vote, but others fail
+ to do so, then there may still be a consensus split. However, this
+ change does remove one common cause of consensus splits.
+
VA-DistSeconds: The authorities calculate the consensus and exchange
signatures.
@@ -1868,8 +1886,8 @@
only if it is listed by a majority of the voters.
These lines should be voted on. A majority of votes is sufficient to
- make a protocol un-supported. and should require a supermajority of
- authorities (2/3) to make a protocol required. The required protocols
+ make a protocol un-supported. A supermajority of authorities (2/3)
+ are needed to make a protocol required. The required protocols
should not be torrc-configurable, but rather should be hardwired in
the Tor code.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion