Make a design for circuit- migration in the event of DoS
I'm not saying we should build this, but I do think we should come up with a design:
Right now if you DoS a single server in a circuit you observe, you can tell that the circuit went down. Wouldn't it be cool if instead circuits could migrate and withstand crashes in some subset of their nodes?
This is especially important for introduction circuits and rendezvous circuits, I bet.
This would mean major design changes, and is probably best done with a few researchers and a bunch of whiteboards.