aboutsummaryrefslogtreecommitdiff
path: root/proposals/333-vanguards-lite.md
diff options
context:
space:
mode:
Diffstat (limited to 'proposals/333-vanguards-lite.md')
-rw-r--r--proposals/333-vanguards-lite.md26
1 files changed, 22 insertions, 4 deletions
diff --git a/proposals/333-vanguards-lite.md b/proposals/333-vanguards-lite.md
index 5e62b03..1e83046 100644
--- a/proposals/333-vanguards-lite.md
+++ b/proposals/333-vanguards-lite.md
@@ -3,7 +3,7 @@ Filename: 333-vanguards-lite.md
Title: Vanguards lite
Author: George Kadianakis, Mike Perry
Created: 2021-05-20
-Status: Finished
+Status: Closed
Implemented-In: 0.4.7.1-alpha
```
@@ -46,14 +46,14 @@ Implemented-In: 0.4.7.1-alpha
Service intro: C -> G -> L2 -> M -> Intro
Service hsdir: C -> G -> L2 -> M -> HSDir
-# 3. Rotation Period Analysis
+# 2. Rotation Period Analysis
From the table in Section 3.1 of Proposal 292, with NUM_LAYER2_GUARDS=4 it
can be seen that this means that the Sybil attack on Layer2 will complete
with 50% chance in 18*7 days (126 days) for the 1% adversary, 4*7 days (one
month) for the 5% adversary, and 2*7 days (two weeks) for the 10% adversary.
-# 4. Tradeoffs from Proposal 292
+# 3. Tradeoffs from Proposal 292
This proposal has several advantages over Proposal 292:
@@ -69,7 +69,25 @@ Implemented-In: 0.4.7.1-alpha
protected, and this proposal might provide those services with a false sense
of security. Such services should still use the vanguards addon [VANGUARDS_REF].
-# 4. References
+# 4. Implementation nuances
+
+ Tor replaces an L2 vanguard whenever it is no longer listed in the most
+ recent consensus, with the goal that we will always have the right
+ number of vanguards ready to be used.
+
+ For implementation reasons, we also replace a vanguard if it loses
+ the Fast or Stable flag, because the path selection logic wants middle
+ nodes to have those flags when it's building preemptive vanguard-using
+ circuits.
+
+ The design doesn't have to be this way: we might instead have chosen
+ to keep vanguards in our list as long as possible, and continue to use
+ them even if they have lost some flags. This tradeoff is similar to
+ the one in https://bugs.torproject.org/17773 about whether to continue
+ using Entry Guards if they lose the Guard flag -- and Tor's current
+ choice is "no, rotate" for that case too.
+
+# 5. References
[PROP292_REF]: https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/292-mesh-vanguards.txt
[VANGUARDS_REF]: https://github.com/mikeperry-tor/vanguards
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion