-------- Original Message --------
From: Yawning Angel yawning@schwanenlied.me
Subject: Re: [tor-dev] Number of directory connections
Date: Fri, 21 Aug 2015 16:49:18 +0000

It looks like when the consensus is older than 5 days, a directory authority is used (and the UseEntryGuardsAsDirGuards setting basically ignored).
I can't think of a good reason for that behavior. Is there a valid security issue using an old consensus to fetch the current one from the entry guard?
Your entry guard being rejected as malicious by the DirAuths in the intervening time period.
But the new consensus would need to be signed by the directory authorities. Tor won't relay anything before it has the new valid consensus. So I don't see any issue with using a potentially malicious entry guard for obtaining the current consensus.