On 12/17/13 10:31 PM, Nick Mathewson wrote:
215 Let the minimum consensus method change with time
This proposal describes how we can raise the minimum allowable consensus method that all authorities must support, since the ancient "consensus method 1" would not actually be viable to keep the Tor network running. We should do this; see ticket #10163. (11/2013)
Hi Nick,
I'm probably missing something important here, but I don't know what.
Right now, if a directory authority learns from the votes that more than 2/3 of authorities support a consensus method higher that it can support itself, it falls back to consensus method 1. That authority then produces a consensus that won't have enough signatures for any client to use it, so it's useless.
The proposal suggests that this authority produces a consensus using a higher method than 1, but still lower than what the other authorities are going to produce. But this consensus will still not contain enough signatures.
What's the point?
The last paragraph in the proposal makes most sense to me:
We might want to have the behavior when we see that everybody else will be using a method we don't support be "Don't make a consensus at all." That's harder to program, though.
Can you say why this solution is harder to program? It seems like the cleaner design.
But even if it's too difficult to program (or would likely add new bugs), why not keep the fall-back-to-method-1 workaround? Does it cause any harm?
There are probably edge cases I didn't consider. I wonder which ones that are.
All the best, Karsten