Ola Bini <obini@thoughtworks.com> writes:
> Hi,
> Thanks for the confirmation of our understanding! Very helpful.
> If I understand things correctly, we are supposed to take GUARDLIST_FAILOVER_THRESHOLD guards from the list of all guards and generate the GUARDLIST from that. Is that process supposed to be deterministic for a specific client on a specific network, or is it fine to use randomness to generate it?
Hello,
I think it's fine to use randomness to generate it for now; that's what tor also currently does [0].
I think coming up with the right way to do deterministic sampling based on specific networks can be the subject of a separate proposal :). I imagine that there will be engineering and security issues that will complicate any easy approaches. So you can ignore this part of the problem for now, and just use fresh local randomness every time you sample a guard :]
> And how long lived are the PRIMARY_GUARDS supposed to be?
The real lifetime of guards is currently a random value between 2 and 3 months (see chosen_on_date). This is regardless of whether the guard is your primary guard or not. We might increase the lifetime in the future, but probably the precise value should not matter too much since it's a constant change.
[0]: see choose_good_entry_server() -> router_choose_random_node() -> smartlist_choose_node_by_bandwidth_weights()
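
The sampling discussed in this message, as an added example that is not part of the original email and is not tor's code: it draws a guard list by bandwidth weight, without replacement, using fresh local randomness on each call, and gives every guard its own random lifetime. The function names, the input shape, the sample relays and the reading of "2 to 3 months" as 60 to 90 days are all assumptions.

```python
import secrets
from datetime import datetime, timedelta, timezone

# Assumption: "a random value between 2 to 3 months" modelled as 60..90 days.
MIN_LIFETIME = timedelta(days=60)
MAX_LIFETIME = timedelta(days=90)


def weighted_pick(candidates, rng):
    """Pick one name from (name, weight) pairs, proportionally to weight."""
    total = sum(weight for _, weight in candidates)
    if total <= 0:
        raise ValueError("no candidate with positive bandwidth weight")
    point = rng.randrange(total)  # uniform integer in [0, total)
    for name, weight in candidates:
        if point < weight:
            return name
        point -= weight
    raise AssertionError("unreachable: point is always below total")


def sample_guardlist(relays, count, now, rng=None):
    """Sample `count` distinct guards, weighted by bandwidth.

    relays: dict of name -> integer bandwidth weight (hypothetical shape).
    rng: optional random.Random-like object; defaults to the OS CSPRNG so
    that every call uses fresh local randomness (nothing is derived from
    the client or the network).
    """
    if rng is None:
        rng = secrets.SystemRandom()
    pool = [(n, w) for n, w in relays.items() if w > 0]
    if count > len(pool):
        raise ValueError("not enough usable guards to sample from")
    span = int((MAX_LIFETIME - MIN_LIFETIME).total_seconds())
    guardlist = []
    for _ in range(count):
        name = weighted_pick(pool, rng)
        pool = [(n, w) for n, w in pool if n != name]  # no replacement
        lifetime = MIN_LIFETIME + timedelta(seconds=rng.randrange(span + 1))
        guardlist.append({"name": name, "chosen_on_date": now,
                          "expires": now + lifetime})
    return guardlist


# Constructed sample data: relay name -> bandwidth weight.
SAMPLE_RELAYS = {"relayA": 9000, "relayB": 3000, "relayC": 500,
                 "relayD": 0, "relayE": 1500}

if __name__ == "__main__":
    for g in sample_guardlist(SAMPLE_RELAYS, 3, datetime.now(timezone.utc)):
        print(g["name"], g["expires"].date())
```

Passing a seeded `random.Random` as `rng` makes a run reproducible for simulation; leaving it unset keeps the non-deterministic behaviour the reply recommends.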