We still use self-published relay bandwidth sometimes
There's a gap between when a new relay shows up and when there are enough Measured votes from the directory authorities that we use the measured bandwidth in the consensus. So all the various papers that talk about "just run a tiny relay and advertise it as a huge relay" are not actually solved yet -- their algorithm should just be modified to add "for a few days".
(Actually, this bug isn't quite as bad as it could be, since you need to be around for 3 or 5 days in order to get the Guard flag. I wonder how quickly measurements are ready in general, i.e. who wins the race here.)
I suggest three fixes:
A) There should be a quite low cap (e.g. 50KB) for bandwidth weightings in the consensus if there aren't enough Measured votes. I wonder if the 50KB should be a fixed number (in which case we could just have the directory authorities vote it, and not need to change the consensus method), or a function of the overall numbers in the consensus (which would require a new consensus method, but could pick a smarter cap given that some relays have really bloated bandwidth weights).
A') Somebody should evaluate how much of our overall capacity we'd be cutting, and what effect this cutting has on our entropy.
B) To reduce the harm to the network (since new relays would be contributing much less), we should teach the bwauth scripts to measure new relays more aggressively, to shorten this window.
C) The longer term solution is that we need to integrate Robin and Nikita's secure bandwidth estimation stuff -- right now Mike's bwauth scripts believe your self-advertised number and then tweak it based on what they see, so you'll still get a much higher number if you self-advertise a much higher number. Open research question how to improve security here without sacrificing too much accuracy and without adding too much load to the network.
Added with 0.2.3.x as the milestone, since we should do it pretty soon but we can make the change in the directory authorities so timing isn't critical.
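A sketch of fix A, added here as an illustration and not taken from Tor or from this ticket: it computes each relay's consensus weight from per-authority votes and shows how a cap on unmeasured relays changes an inflated relay's share of the total. The three-vote threshold, the low-median rule, the relay names and every number in `NETWORK` are assumptions constructed for the example.

```python
from statistics import median_low

MIN_MEASURED_VOTES = 3  # assumption: Measured votes needed before they are used
UNMEASURED_CAP_KB = 50  # the example cap suggested in fix A


def consensus_bandwidth(votes, cap_kb=None):
    """votes: one (advertised_kb, measured_kb or None) pair per authority.

    Returns (bandwidth_kb, used_measured). With cap_kb=None the relay's
    self-advertised figure is used unchanged when measurements are missing.
    """
    measured = [m for _, m in votes if m is not None]
    if len(measured) >= MIN_MEASURED_VOTES:
        return median_low(measured), True
    bw = median_low([a for a, _ in votes])
    if cap_kb is not None:
        bw = min(bw, cap_kb)  # fix A: do not trust an unmeasured number
    return bw, False


def weight_share(network, name, cap_kb=None):
    """Fraction of total consensus weight held by one relay."""
    weights = {r: consensus_bandwidth(v, cap_kb)[0] for r, v in network.items()}
    return weights[name] / sum(weights.values())


# Constructed sample network: four authorities vote on each relay.
NETWORK = {
    "established1": [(5000, 4200), (5000, 4000), (5000, 4400), (5000, None)],
    "established2": [(2000, 1500), (2000, 1700), (2000, 1600), (2000, 1550)],
    "established3": [(800, 900), (800, 950), (800, 1000), (800, None)],
    # New relay, only one Measured vote so far, advertising a huge number.
    "new_inflated": [(100000, None), (100000, None), (100000, 20), (100000, None)],
    # New honest relay: the cap costs it weight too (the harm fix B addresses).
    "new_honest": [(300, None), (300, None), (300, None), (300, None)],
}

if __name__ == "__main__":
    for cap in (None, UNMEASURED_CAP_KB):
        share = weight_share(NETWORK, "new_inflated", cap)
        print(f"cap={cap}: new_inflated holds {share:.2%} of consensus weight")
```
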