From 98e3d7ac5622758e0a34b232fe58da97a46eb4ce Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 25 Jul 2023 15:28:12 +0100 Subject: [PATCH] dev notes: Draft IPT algorithm: Possible fixed descriptor lifetimes Prompted by https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1429#note_2924501 --- doc/dev/notes/hssvc-ipt-algorithms.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/dev/notes/hssvc-ipt-algorithms.md b/doc/dev/notes/hssvc-ipt-algorithms.md index 31ba5d305..1ef299da2 100644 --- a/doc/dev/notes/hssvc-ipt-algorithms.md +++ b/doc/dev/notes/hssvc-ipt-algorithms.md @@ -209,6 +209,8 @@ is the minimum (30 minutes). Otherwise, we double the lifetime each time, unless any IPT in the previous descriptor was declared `Faulty`, in which case we reset it back to the minimum. +TODO: Perhaps we should just pick fixed short and long lifetimes instead, +to limit distinguishability. (Rationale: if IPTs are regularly misbehaving, we should be cautious and limit our exposure to the damage.)