ChanMgr: Identify canonical channels; avoid non-canonical ones; pick best channel among canonical channels.
When implementing relays, ChanMgr will have to deal with the possibility of "non-canonical" channels: ones that are correctly authenticated, but which do not have the right address. Since these channels crate the possibility of traffic-analysis MITM attacks, we can't extend circuits over them.
If multiple canonical channels exist, ChanMgr should choose the "best" one according to specified rules.
I believe this is all documented in tor-spec
, but to the extent that it isn't, we should improve tor-spec
to explain it.