Vanguards in Arti
Given that we recommend the Vanguards design for onion services, and that we're considering recommending it elsewhere, we should just build it in Rust for Arti.
This is in the %"Arti Onion service support" milestone, since it's important for onion service security.
The version that we would want to build here is a combination of proposal 292 (mesh vanguards) and proposal 333 (vanguards lite) that would work roughly as follows.
- There would be a configurable number of vanguard sets: either one or two. This would correspond to a second-hop set and an optional third-hop set. When building a circuit with vanguards, we'd choose a Guard for hop one, and a Vanguard from the 2nd-hop set for step 2, and so on.
- We would add an extra hop as needed according to the rules of proposal 292.
- Each vanguard set would be selected at random, and expire according to the rules from proposal 292.
- We would not track up/down status for given vanguards, and instead simply use consensus to tell when vanguards were down.
- Vanguards would always be persistent.
- We would use vanguards whenever we were building circuits related to onion services, except when being a single onion service.
Rough subtasks:
- Add a new object to GuardMgr to track vanguard sets.
  - Teach it how to sample from a netdir
  - Teach it how to expire its entries
  - Teach it to give out random members
  - Teach it how to be persistent
- Use vanguards to build circuits according to the configured rules.
Edited by Nick Mathewson
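A sketch of the vanguard-set object and path rule outlined above, added here as an illustration; it is not Arti's code. `RelayId`, `VanguardSet`, `ToyRng` and `vanguard_path` are hypothetical names, and sampling is uniform. The fixed `lifetime` stands in for proposal 292's expiry rules, and skipping (rather than replacing) a vanguard missing from the consensus is an assumption. Persistence and the extra-hop rule are left out.

```rust
use std::collections::HashSet;

type RelayId = u32; // hypothetical stand-in for a relay identity from the netdir
struct Vanguard { id: RelayId, expires_at: u64 }

/// One vanguard set (the second-hop set or the optional third-hop set).
struct VanguardSet { target: usize, lifetime: u64, members: Vec<Vanguard> }

/// Toy xorshift generator so the example is reproducible; real code needs a CSPRNG.
struct ToyRng(u64);
impl ToyRng {
    fn below(&mut self, n: usize) -> usize {
        self.0 ^= self.0 << 13; self.0 ^= self.0 >> 7; self.0 ^= self.0 << 17;
        (self.0 % n as u64) as usize
    }
}

impl VanguardSet {
    /// Expire old members, then sample replacements at random from the consensus.
    fn update(&mut self, consensus: &[RelayId], now: u64, rng: &mut ToyRng) {
        self.members.retain(|v| v.expires_at > now);
        let held: HashSet<RelayId> = self.members.iter().map(|v| v.id).collect();
        let mut pool: Vec<RelayId> =
            consensus.iter().copied().filter(|id| !held.contains(id)).collect();
        while self.members.len() < self.target && !pool.is_empty() {
            let id = pool.swap_remove(rng.below(pool.len()));
            self.members.push(Vanguard { id, expires_at: now + self.lifetime });
        }
    }

    /// Random member that is listed in the consensus and not already on the path.
    fn pick(&self, consensus: &[RelayId], path: &[RelayId], rng: &mut ToyRng) -> Option<RelayId> {
        let ok: Vec<RelayId> = self.members.iter().map(|v| v.id)
            .filter(|id| consensus.contains(id) && !path.contains(id)).collect();
        if ok.is_empty() { None } else { Some(ok[rng.below(ok.len())]) }
    }
}

/// Guard for hop one, then one vanguard from each configured set, in order.
fn vanguard_path(guard: RelayId, sets: &[VanguardSet], consensus: &[RelayId],
                 rng: &mut ToyRng) -> Option<Vec<RelayId>> {
    let mut path = vec![guard];
    for set in sets {
        let next = set.pick(consensus, &path, rng)?;
        path.push(next);
    }
    Some(path)
}
```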