Implement an advisory-only request to stop for old clients
In #15233 (moved), we want to kill off 0.2.2 and 0.2.3 clients, but we want to make sure they won't increase their request rate to the directory authorities if we stop answering them.
We face this issue every time we kill off old client versions.
#15228 (moved) will change the scope of this issue, as it may affect the fallback directories, as well as the directory authorities.
We don't want to have many of our best directories overloaded with rapid requests from obsolete clients.
I suggest, at a minimum:
- A advisory request to stop for old clients (which can be disabled on compilation or configuration) as part of a valid, signed consensus:
- a permitted-but-not-recommended client versions list, and every version not on that list should stop? The problem with this is that new dev versions and custom versions would stop.
- an obsoleted client version list, every version on that list should stop? It would be a long list, and custom versions wouldn't be asked to stop.
- Every request in tor should be random-exponential-backoff, which would resolve repeated-connection overloading issues in general. (split to another ticket #15943 (moved))
- How do we deal with botnets that don't use the full tor code? They need not obey the consensus, or use exponential backoff.
Edit: split #15943 (moved), clarify "kill switch" language