torspec/proposals/108-mtbf-based-stability.txt
Nick Mathewson 35f6d73b50 r12528@Kushana: nickm | 2007-03-11 00:19:05 -0500
Oops; rename file for proposal 108.


svn:r9796
2007-03-11 05:20:24 +00:00

43 lines
1.6 KiB
Plaintext

Filename: 108-mtbf-based-stability.txt
Title: Base "Stable" Flag on Mean Time Between Failures
Version: $Revision: 12105 $
Last-Modified: $Date: 2007-01-30T07:50:01.643717Z $
Author: Nick Mathewson
Created:
Status: Open
Overview:
This document proposes that we change how directory authorities set the
stability flag from inspection of routers declared Uptime to the
authorities' perceived mean time between failure for the router.
Motivation:
Clients prefer nodes that the authorities call Stable. This flags are (as
of 0.2.0.0-alpha-dev) set entirely based on the nodes' declared values for
uptime. This creates an opportunity for malicious nodes to declare
falsely high uptimes in order to get more traffic.
Spec changes:
Instead of setting the current rule for setting the Stable flag:
"An authority should call a server Stable if its observed MTBF for
the past month is at or above the median MTBF for Valid servers.
MTBF shall be defined as the mean length of the runs observed by a
given directory authority. A run begins when an authority decides
that the server is Running, and ends when the authority decides that
the server is not Running. In-progress runs are counted when
measuring MTBF."
Issues:
How do you define a clipped MTBF? If the current month begins with one
day at the end of a one-year uptime, and then has 29 days of uptime, do we
average one day and 29 days? Or do we average one year and 29 days? Or
take 29 days on its own and discard the year?
Surely somebody has done this kinds of thing before.