[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]

To: or-dev@xxxxxxxxxxxxx
Subject: Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
From: Roger Dingledine <arma@xxxxxxx>
Date: Tue, 13 Mar 2007 23:49:38 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-dev-outgoing@seul.org
Delivered-to: or-dev@seul.org
Delivery-date: Tue, 13 Mar 2007 23:49:46 -0400
In-reply-to: <20070313034906.GF9897@noncombatant.org>
References: <1895070c0703091528r67b2f305j4a07360eb90ab3eb@mail.gmail.com> <20070311092854.GC28282@moria.seul.org> <20070312033322.GB13819@totoro.wangafu.net> <20070312052508.GH28282@moria.seul.org> <20070313034906.GF9897@noncombatant.org>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Mon, Mar 12, 2007 at 07:49:06PM -0800, Chris Palmer wrote:
> It seems like the granularity of the node selection policy Tor can
> implement to frustrate Sybils is partly a function of the size and
> diversity of the Tor network.  As long as there are ORs on at least 3
> different IPs, a /32 restriction can work (an OP can still build a
> circuit); as the network grew, you could start doing /16.  As the
> granularity of the policy coarsens, it becomes more difficult for Sybil
> to succeed (she now has to have fingers in ever more distant pies).

Note that Chris is talking (I think) about how Alice chooses nodes for
her circuit. Proposal 109 is talking about the directory authorities
(dis)allowing nodes into the network in the first place.

> Is autonomous system number a better indicator of network ownership than
> host or network address?  Is it also more delightfully coarse?  Can the
> current Tor network sustain such a policy (i.e., route only through
> networks with distinct ASNs)?  Am I sniffing glue?

Excellent questions. I fear nobody here knows good answers.

In the case of Alice-picking-her-path, these questions are related to
the "routing zones" open research questions: it's not just about the AS
that each router lives on, it's about the ASes in between each router
too. See the section in http://tor.eff.org/volunteer.html.en#Research
for a few more details.

In the case of which-nodes-to-let-onto-the-Tor-network... hm. Nick
convinced me in http://archives.seul.org/or/dev/Mar-2007/msg00044.html
that we should stick with /32 for now, in the interests of not killing
this proposal with complexity. But for later proposals... What do the
numbers look like in terms of how many nodes we have in each AS right
now? Are some ASes really big geographically, like Comcast, and if so
how does that figure into our caps?

If anybody's looking for a research paper there's plenty of open
questions here. :)

--Roger

References:
- Sybil Attack Countermeasures
  - From: Kevin Bauer
- Re: Sybil Attack Countermeasures
  - From: Roger Dingledine
- Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
  - From: Nick Mathewson
- Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
  - From: Roger Dingledine
- Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
  - From: Chris Palmer

Prev by Author: Proposal: Avoiding infinite length circuits
Next by Author: Proposal: Prioritizing local traffic over relayed traffic
Previous by thread: Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
Next by thread: Re: Proposal 109: No more than one server per IP address [was Re: Sybil Attack Countermeasures]
Index(es):
- Author
- Thread