[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.
From: Fernando Fernández Mancera <ffernandezmancera@xxxxxxxxx>
Date: Wed, 13 Dec 2017 00:55:43 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 12 Dec 2017 18:56:06 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=/iNqGWQuy+jGzjoRuTFDivqlB5a09S7A9srcsEtoJ0w=; b=ThN/CFZrPF5kQ3Uc1kjs+nje1L391qj1xfI5OMyJoO3OrMzXds+uI0fN28eDeirms6 P1An9Y3Pz9QV0N2JruTu7NSHlpfMIIDfHxkSOfnIG78ZCpUT+Orf/YClaQ2kXiP6Q4/n OkPDE+6Zn/GtELhlRra8WpCpNzeCdphcii3d6CJnHYfjPGNXg3BogeT5x8SlvXAxRA6d 0/sP7f0ZgONST+3GOUIJ3733DTrYp0j1ynaf7ldvGobSVhOLi87nkFs2VCB+COPfAHBN tMfBzJJNLTUikbVn+DfQzk6rBkF0HdzTAjZRDxKmR9uxy7O4JGUuwEUvFD+DfDnfJEQ0 iOYw==
In-reply-to: <33F0FCC8-4B26-4D09-AC8A-305B78C4B6F2@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAJMXbDRPo-F+D-NmqjekSzJzWQVitDXNNVg=hEGDVdsE30e3xg@mail.gmail.com> <CAJMXbDQjhc83MjDm+be4E0xyYN4Rvo8fORktyeq8sW-DMBisoQ@mail.gmail.com> <33F0FCC8-4B26-4D09-AC8A-305B78C4B6F2@gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0


On 12/12/2017 11:34 PM, teor wrote:

Is there any reason you picked these values?

I have chosen those values because if the user sets a value, I think itis better for this value to be around lower one from the alreadyestablished. Even so, higher values are included to make it moredifficult for the attacker to identify.

I've been thinking, it might be better if this value changes every timea circuit is marked dirty.

Is there any research supporting this?
Is it compelling enough to offset the usability issues?
(See below.)


I am working on it, so I will try to get it soon as possible.

This we believe to be true, and we think we've seen attacks using it.
But changing circuits doesn't help those attacks.

Oh well, I missunderstood you in the last reply I think. I thought ifthe circuit changes more often then is more probably that it uses adifferent guard.

Also, are you proposing that services mark circuits dirty?
Because Tor doesn't work like that right now.
Only clients mark circuits dirty.

No no, I mean clients. I will try to think deeply how it can works withOnion services.

How it works with KeepAliveIsolateSOCKSAuth:

 - If KeepAliveIsolateSOCKSAuth option is active, then if on
   (MaxCircuitDirtiness * 0.5) minutes the amount of bytes sent/received
   through the circuit doesn't surpass half of the established amount,
   this amount will be reset.


This will break usability on many websites that depend on requests
coming from the same IP address. This is why Tor Browser manages its
own circuit lifetimes, and this change would break that.

Well, as above I will try to find a good use for this option combinedwith MaxCircuitSizeDirtiness. So probably I will write back inmid-January but if you find one, please let me know.


ffmancera.




_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.
  - From: Fernando Fernández Mancera
- Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.
  - From: teor

Prev by Author: Re: [tor-dev] Start contributing to Tor
Next by Author: Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.
Previous by thread: Re: [tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.
Next by thread: [tor-dev] Proposal 288: Privacy-Preserving Statistics with Privcount in Tor (Shamir version)
Index(es):
- Author
- Thread