[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Update on 259



Adding tor-dev.

On 04/06/2016 08:53 AM, Tania Silva wrote:
> Hey,
> 
>>>>>> Yeah, we talked about that yesterday. Our suggestion is to do
>>>>>> something like this:
>>>>>> - if the filtered/reduced sample-set contains less than X (5?) guards,
>>>>>> expand SAMPLED guards using the regular process.
>>>>>> - If SAMPLE guards reach SAMPLED_MAX (50?) size, we fail closed with
>>>>>> an error saying something like "your current network settings make it
>>>>>> impossible for us to safely choose an entry guard. If you really need
>>>>>> to connect under these circumstances, consider explicitly setting the
>>>>>> EntryGuards configuration option"
>>>>
>>>> Oh, wow, I don't think failing closed is a good idea.
>>>> It means users that move around a lot (and clients which have a longer state history) could fail at some arbitrary time.
>>>> Why not simply continue to add guards that satisfy the restrictions?
>> Well, users that move around a lot will only have an expanded sampled
>> set if they move between several different networks that have severe
>> restrictions - but mutually exclusive such restrictions. And we would
>> only ever hit this fail closed if we can't find anything in the
>> sampled set that matches the current needed restrictions. If we keep
>> adding guards, the idea of the sampled set as a measure to minimize
>> exposure to too many guards fly out the window.
>>
>> The problem really comes down to this - if you have a network that is
>> actively firewalling every guard that is not under their control, if
>> we keep expanding we will sooner or later be forced to use a guard
>> under adversary control. By failing closed, we can avoid that
>> eventuality.
> 
> We thought in to have a minimum size for this set after been filtered [1].
> 
> ```
> MINIMUM_FILTERED_SAMPLE_SIZE
> The minimum size of the sampled set after filtering out nodes based on
> client configuration (FILTERED_SAMPLED). Proposed value is ???.
> ```
> 
> In order to expose less guards when we are expanding sample set, we
> thought in to have a maximum size before to fail.
> What do you think if this is a configurable value by user? (we can have
> as default if not provided)
> 
> ```
> MAXIMUM_SAMPLE_SIZE_THRESHOLD
> In order to guarantee a minimum size of guards after filtering, we
> expand SAMPLED_GUARDS until a limit. This fraction of GUARDS will be
> used as an upper bound when expanding SAMPLED_GUARDS. Proposed value is
> 0.03.
> ```
> 
> 1 -
> https://github.com/twstrike/torspec/blob/review/proposals/259-guard-selection.txt#L317
> 

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev