[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r15612: add new proposal 148-uniform-client-end-reason.txt (tor/trunk/doc/spec/proposals)
Author: arma
Date: 2008-07-02 19:00:54 -0400 (Wed, 02 Jul 2008)
New Revision: 15612
Added:
tor/trunk/doc/spec/proposals/148-uniform-client-end-reason.txt
Modified:
tor/trunk/doc/spec/proposals/000-index.txt
Log:
add new proposal 148-uniform-client-end-reason.txt
Modified: tor/trunk/doc/spec/proposals/000-index.txt
===================================================================
--- tor/trunk/doc/spec/proposals/000-index.txt 2008-07-02 22:00:03 UTC (rev 15611)
+++ tor/trunk/doc/spec/proposals/000-index.txt 2008-07-02 23:00:54 UTC (rev 15612)
@@ -70,6 +70,7 @@
145 Separate "suitable as a guard" from "suitable as a new guard" [OPEN]
146 Add new flag to reflect long-term stability [OPEN]
147 Eliminate the need for v2 directories in generating v3 directories [OPEN]
+148 Stream end reasons from the client side should be uniform [OPEN]
Proposals by status:
@@ -93,6 +94,7 @@
145 Separate "suitable as a guard" from "suitable as a new guard"
146 Add new flag to reflect long-term stability
147 Eliminate the need for v2 directories in generating v3 directories
+ 148 Stream end reasons from the client side should be uniform
NEEDS-REVISION:
110 Avoiding infinite length circuits
117 IPv6 exits
Added: tor/trunk/doc/spec/proposals/148-uniform-client-end-reason.txt
===================================================================
--- tor/trunk/doc/spec/proposals/148-uniform-client-end-reason.txt (rev 0)
+++ tor/trunk/doc/spec/proposals/148-uniform-client-end-reason.txt 2008-07-02 23:00:54 UTC (rev 15612)
@@ -0,0 +1,58 @@
+Filename: 148-uniform-client-end-reason.txt
+Title: Stream end reasons from the client side should be uniform
+Version: $Revision$
+Last-Modified: $Date$
+Author: Roger Dingledine
+Created: 2-Jul-2008
+Status: Open
+
+Overview
+
+ When a stream closes before it's finished, the end relay cell that's
+ sent includes an "end stream reason" to tell the other end why it
+ closed. It's useful for the exit relay to send a reason to the client,
+ so the client can choose a different circuit, inform the user, etc. But
+ there's no reason to include it from the client to the exit relay,
+ and in some cases it can even harm anonymity.
+
+ We should pick a single reason for the client-to-exit-relay direction
+ and always just send that.
+
+Motivation
+
+ Back when I first deployed the Tor network, it was useful to have
+ the Tor relays learn why a stream closed, so I could debug both ends
+ of the stream at once. Now that streams have worked for many years,
+ there's no need to continue telling the exit relay whether the client
+ gave up on a stream because of "timeout" or "misc" or what.
+
+ Then in Tor 0.2.0.28-rc, I fixed this bug:
+ - Fix a bug where, when we were choosing the 'end stream reason' to
+ put in our relay end cell that we send to the exit relay, Tor
+ clients on Windows were sometimes sending the wrong 'reason'. The
+ anonymity problem is that exit relays may be able to guess whether
+ the client is running Windows, thus helping partition the anonymity
+ set. Down the road we should stop sending reasons to exit relays,
+ or otherwise prevent future versions of this bug.
+
+ It turned out that non-Windows clients were choosing their reason
+ correctly, whereas Windows clients were potentially looking at errno
+ wrong and so always choosing 'misc'.
+
+ I fixed that particular bug, but I think we should prevent future
+ versions of the bug too.
+
+ (We already fixed it so *circuit* end reasons don't get sent from
+ the client to the exit relay. But we appear to be have skipped over
+ stream end reasons thus far.)
+
+Design:
+
+ One option would be to no longer include any 'reason' field in end
+ relay cells. But that would introduce a partitioning attack ("users
+ running the old version" vs "users running the new version").
+
+ Instead I suggest that clients all switch to sending the "misc" reason,
+ like most of the Windows clients currently do and like the non-Windows
+ clients already do sometimes.
+
Property changes on: tor/trunk/doc/spec/proposals/148-uniform-client-end-reason.txt
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Name: svn:eol-style
+ native