From 5536d29700d1bcea4b2652a3d7978a197b058a45 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 23 May 2022 15:07:06 -0400
Subject: Padding spec: describe behavior with queues.

(Briefly: "Sent" is sometimes unobservable, so we should use
"queued" as a reasonable proxy.)
---
 padding-spec.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'padding-spec.txt')

diff --git a/padding-spec.txt b/padding-spec.txt
index 471dd74..262e88f 100644
--- a/padding-spec.txt
+++ b/padding-spec.txt
@@ -180,6 +180,16 @@ Table of Contents
   the event that it is idle in that direction, and will always transmit a
   packet before the minimum 10 second inactive timeout.
 
+  (In practice, an implementation may not be able to determine when,
+  exactly, a cell is sent on a given channel.  For example, even though the
+  cell has been given to the kernel via a call to `send(2)`, the kernel may
+  still be buffering that cell.  In cases such as these, implementations
+  should use a reasonable proxy for the time at which a cell is sent: for
+  example, when the cell is queued.  If this strategy is used,
+  implementations should try to observe the innermost (closest to the wire)
+  queue that the practically can, and if this queue is already nonempty,
+  padding should not be scheduled until after the queue does become empty.)
+
 2.3. Padding Cell Timeout Distribution Statistics
 
   To limit the amount of padding sent, instead of sampling each endpoint
-- 
cgit v1.2.3-54-g00ecf