dirauth: New flag that only allow relays to be in the middle position

There was a time before proposal 272 where removing the Valid flag would make the relay to be only used in the middle position as in not Guard nor Exit by clients.

This ticket is to propose that we add a new relay flag that authorities can vote on in order to restrict the "power positions" (Guard and Exit and HSDir) to be only middle and rendezvous.

The main reason this would be desirable is because the Health Team often deals with large set of relays showing up that are either missing proper configuration (ex: MyFamily) or have the proper configuration but for which our assessment is that we are unsure and need to validate some key things that can be dragged over weeks like contacting the operator(s) for instance.

And so, if we could have a way to put these relays in a less powerful position that is middle and rendezvous only, it would allow us to put them in a "provisional" state (or the Matrix train station ;) until we can properly assess risk. We believe it is a better trade off than instead rejecting them outright and risking to loose good contributors to this drastic practice.

Of course, we are aware that even a middle node can still pull off attacks but we still think this could be a useful option for the health team nevertheless.

This would require couple things:

A spec proposal.
A config option (torrc) to indicate which relays have that flag like: AuthDirTrainStation (not a final name...)

Current plan:

Write a proposal for doing the calculation as part of directory voting.
Voting-side implementation
Consensus-side implementation

Edited Oct 08, 2021 by Nick Mathewson

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information