Design and implement improved algorithm for choosing consensus method
Our current algorithm for picking a consensus method is, "Pick the highest method supported by more than 2/3 of the authorities currently voting." This can sometimes result in an insufficiently signed consensus. Instead, it should be something like, "Pick the highest method supported by more than 2/3 of the authorities currently voting, UNLESS the number of authorities supporting that method is less than the threshold needed to sign a valid consensus. In that case, pick the highest method supported by enough authorities to sign a valid consensus."
Alternatively, the algorithm could be something like, "Pick the highest method supported by enough authorities to sign a valid consensus", which I believe is mathematically identical to the above (more obviously safe) formulation.
This change would make some attacks harder for a hostile authority, and some attacks easier. It needs a design proposal and some analysis.
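The sketch below is an added example, not Tor's own code and not part of the original ticket. It compares the current rule with the first proposed formulation on a constructed set of votes where the current rule picks a method that too few authorities can sign. Assumptions: each vote is modelled as a bitmask of supported methods, the method numbers are constructed, and the signing threshold is supplied by the caller (here 5, meaning more than half of 9 configured authorities).

```c
#include <stdio.h>

#define M(m) (1u << (m))   /* bit m set = vote lists method m */
#define MAX_METHOD 31      /* constructed bound for this sketch */

/* Constructed votes: four authorities list methods 11 and 12, one only 11. */
static const unsigned SAMPLE_VOTES[5] = {
    M(11) | M(12), M(11) | M(12), M(11) | M(12), M(11) | M(12), M(11)
};

/* Number of votes that list method m. */
static int supporters(const unsigned *votes, int n_votes, int m) {
    int count = 0;
    for (int i = 0; i < n_votes; i++)
        if (votes[i] & M(m)) count++;
    return count;
}

/* Highest method listed by at least `need` votes, or 0 if there is none. */
static int highest_with(const unsigned *votes, int n_votes, int need) {
    for (int m = MAX_METHOD; m >= 1; m--)
        if (supporters(votes, n_votes, m) >= need) return m;
    return 0;
}

/* Current rule: supported by more than 2/3 of the authorities voting. */
int current_method(const unsigned *votes, int n_votes) {
    return highest_with(votes, n_votes, (2 * n_votes) / 3 + 1);
}

/* Proposed rule: keep that choice unless too few authorities support it to
 * sign a valid consensus; then fall back to the highest method that does. */
int proposed_method(const unsigned *votes, int n_votes, int sign_threshold) {
    int m = current_method(votes, n_votes);
    if (m != 0 && supporters(votes, n_votes, m) >= sign_threshold) return m;
    return highest_with(votes, n_votes, sign_threshold);
}

int main(void) {
    int threshold = 5; /* assumed: more than half of 9 configured authorities */
    int cur = current_method(SAMPLE_VOTES, 5);
    printf("current rule:  method %d, %d of %d needed signers\n",
           cur, supporters(SAMPLE_VOTES, 5, cur), threshold);
    printf("proposed rule: method %d\n",
           proposed_method(SAMPLE_VOTES, 5, threshold));
    return 0;
}
```

A return value of 0 from `proposed_method` means no method has enough supporters to sign a valid consensus at all; what to do in that case is left to the caller in this sketch.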
Change History (7)
Component: Tor Relay → Tor Directory Authority
Milestone: Tor: 0.2.3.x-final → Tor: unspecified
Keywords: needs-proposal added
Component: Tor Directory Authority → Tor
Keywords: tor-dirauth added; tor-auth removed
Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth