#17773: Should clients avoid using guards that lost the Guard flag?
-------------------------------+------------------------------
Reporter: arma | Owner: arma
Type: enhancement | Status: accepted
Priority: Medium | Milestone: Tor: 0.2.???
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: TorCoreTeam201606 | Actual Points:
Parent ID: | Points: medium?
Reviewer: | Sponsor:
-------------------------------+------------------------------
Comment (by asn):
Replying to [comment:16 arma]:
> Ok, I looked at the code again, and asn is right. We currently do the
opposite of what I thought we did, and based on the discussions above, I
think we should change our behavior to do what I thought we did.
>
I also think that the idea of keeping non-Guard relays that were once your
guard, has '''slightly''' better security properties than ditching them.
I stressed slightly because I don't feel too strong about either way here.
For an example of a negative edge case, consider a relay whose operator is
no longer able to keep its uptime and it loses its guard flag. If that
relay is flaky, any client that uses it will have to move to other guards
when that relay is down, so the client will get exposed to more guards
anyway.
> Does this want a mini-proposal? How do we best proceed from here? Also,
is this choice orthogonal to all the recent prop#259 work?
Funny thing is that all prop259 versions so far (including nick's newest
one) seem to suggest the current behavior. That is, upon receiving a fresh
consensus, we stop using guards that have lost their Guard flag.
If we think the other approach is better, we should lobby it to Nick for
inclusion in his current proposal.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17773#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
