a few more thoughts about seeds

svn:r3399

diff --git a/doc/dir-spec.txt b/doc/dir-spec.txt
index 32e71f92f81135ab3d19179d8cea491f7d492689..0c349a5152952188467068d9db89e6d8e3f52497 100644 (file)
--- a/doc/dir-spec.txt
+++ b/doc/dir-spec.txt
@@ -106,8 +106,12 @@ Piece two: (optional)
   and not fingerprints, it also means that dirservers can rotate their
   signing keys transparently.
 
-  But, keeping track of the seed keys becomes a critical security issue;
-  and rotating them in a backward-compatible way adds complexity.
+  But, keeping track of the seed keys becomes a critical security issue.
+  And rotating them in a backward-compatible way adds complexity. Also,
+  dirserver locations must be at least somewhere static, since each lost
+  dirserver degrades reachability for old clients. So as the dirserver
+  list rolls over we have no choice but to put out new versions.
+
 
 Piece three: (optional)