[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] a few more tweaks
Update of /home2/or/cvsroot/tor/doc/design-paper
In directory moria.mit.edu:/home2/arma/work/onion/cvs/tor/doc/design-paper
Modified Files:
challenges.tex
Log Message:
a few more tweaks
Index: challenges.tex
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/design-paper/challenges.tex,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -d -r1.54 -r1.55
--- challenges.tex 8 Feb 2005 10:27:47 -0000 1.54
+++ challenges.tex 8 Feb 2005 10:46:55 -0000 1.55
@@ -794,11 +794,6 @@
%continued use of identification by IP number as long as there is no
%workable alternative.
-%Fortunately, our modular design separates
-%routing from node discovery; so we could implement Morphmix in Tor just
-%by implementing the Morphmix-specific node discovery and path selection
-%pieces.
-
%[XXX Mention correct DNS-RBL implementation. -NM]
\section{Design choices}
@@ -942,14 +937,14 @@
will never be certain he has identified all nodes in the path, but as
long as the network remains small this attack will still be feasible.
-Helper nodes also help Tor clients, because choosing entry and exit points
+Helper nodes also aim to help Tor clients, because choosing entry and exit points
randomly and changing them frequently allows an attacker who controls
even a few nodes to eventually link some of their destinations. The goal
is to take the risk once and for all about choosing a bad entry node,
rather than taking a new risk for each new circuit. (Choosing fixed
exit nodes is less useful, since even an honest exit node still doesn't
protect against a hostile website.) But obstacles still remain before
-we can implement helper nodes.
+we can implement them.
For one, the literature does not describe how to choose helpers from a list
of nodes that changes over time. If Alice is forced to choose a new entry
helper every $d$ days and $c$ of the $n$ nodes are bad, she can expect
@@ -1325,7 +1320,7 @@
information in the descriptors they upload to the directory. Clients
choose servers weighted by their bandwidth, neglecting really slow
servers and capping the influence of really fast ones.
-
+%
This is, of course, eminently cheatable. A malicious node can get a
disproportionate amount of traffic simply by claiming to have more bandwidth
than it does. But better mechanisms have their problems. If bandwidth data