David,
I'm in the midst of reworking my OnioNS design around prop250 (and the security analysis therein) and as far as I can tell these changes make sense. I like the 00:00 -> 24:00 change as it's more intuitive as you said. I was at first very concerned that you removed the majority requirement as that is the assumption made during consensus generation, but I think your argument for the new conflict resolution make sense. I'm excited that the implementation is nearly complete and I look forward to seeing it in Tor infrastructure!
Jesse V.
On 10/28/2015 10:26 AM, David Goulet wrote:
First, period have been changed from 12:00 -> 12:00 (24 hour) to 00:00 -> 24:00 so the protocol run is not over two days. Seemed more logical and less confusing :).
Second, we've removed the need of having majority for a commit to be considered for the shared random computation. Yes this sounds intense!! so it needs your attention.
Jesse V kernelcorn@riseup.net writes:
David,
I'm in the midst of reworking my OnioNS design around prop250 (and the security analysis therein) and as far as I can tell these changes make sense. I like the 00:00 -> 24:00 change as it's more intuitive as you said. I was at first very concerned that you removed the majority requirement as that is the assumption made during consensus generation, but I think your argument for the new conflict resolution make sense. I'm excited that the implementation is nearly complete and I look forward to seeing it in Tor infrastructure!
Hello Jesse,
thanks for the feedback. Any opinions on whether we should keep the conflict lines or forget about them, based on David's email and my email?
I just estimated that removing the conflict feature will kill about 400 lines of code, which is always nice :)
Thanks :)
On 31 Oct 2015, at 01:07, George Kadianakis desnacked@riseup.net wrote:
Jesse V kernelcorn@riseup.net writes:
David,
I'm in the midst of reworking my OnioNS design around prop250 (and the security analysis therein) and as far as I can tell these changes make sense. I like the 00:00 -> 24:00 change as it's more intuitive as you said. I was at first very concerned that you removed the majority requirement as that is the assumption made during consensus generation, but I think your argument for the new conflict resolution make sense. I'm excited that the implementation is nearly complete and I look forward to seeing it in Tor infrastructure!
Hello Jesse,
thanks for the feedback. Any opinions on whether we should keep the conflict lines or forget about them, based on David's email and my email?
I just estimated that removing the conflict feature will kill about 400 lines of code, which is always nice :)
I'm in favour of moving the conflict feature to DocTor or something similar.
Any adversary who can break shared randomness is likely to also be able to break the entire consensus. And the consensus is a high-value target, whereas shared randomness isn't (yet).
Therefore, I think we could treat any conflicts as bugs or misconfigurations, report them via IRC and a mailing list, and then deal with them on that basis.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
-
George Kadianakis -
Jesse V -
Tim Wilson-Brown - teor