[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
From: s7r <s7r@xxxxxxxxxx>
Date: Sun, 24 Jan 2016 18:10:42 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 24 Jan 2016 11:11:27 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1453651875; bh=y444PxUZUIoYyGMqKlOl/vNjHwgmXi59yLSY8sapBKM=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To; b=HbTZ2QpyZcizpUsYrGBFbl1VxkGsm6FnhA97EQNVi2B2iUO+3msqlvzsze1d2Tdzx 6qXkxN4iI70Wo5Kn87FE+5E2O/rDPAfZ6osPEUdMHqYynmmK5431//Mj40SUKTkI1y EkCT+Z6KKCEiI2VJmX7/lF2kaJWaoaTlMSECrqTA=
In-reply-to: <E3E8904E-2F6B-4A3F-90B9-F33606189C4E@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <56A3F2B8.8080101@xxxxxxxxxx> <B786C55C-9FB2-485F-8F82-C1290C3C8198@xxxxxxxxx> <56A3FE85.3070703@xxxxxxxxxx> <B93F4F19-D0D2-4F0F-AD66-D35277940B1C@xxxxxxxxx> <56A43133.5020704@xxxxxxxxxx> <E3E8904E-2F6B-4A3F-90B9-F33606189C4E@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi teor,

On 1/24/2016 6:33 AM, Tim Wilson-Brown - teor wrote:
> Please read the tor man page documentation for the option 
> Tor2webRendezvousPoints. It's implemented in the function
> pick_tor2web_rendezvous_node().
> 
> Under this proposal, what is the smallest number of rendezvous
> points a Tor2web instance would need to specify in
> Tor2webRendezvousPoints to avoid being banned, or does it vary
> depending on the popularity of the hidden service?
> 

Ideally pick_tor2web_rendezvous_node() should pick a random relay to
act as a rendezvous point, based on its consensus weight / middle
probability fraction, exactly the same as any regular client would do.

Obviously a tor2web service can skip the Guard since it doesn't care
about anonymity, for lower latency to the hidden service.

For load balancing and capacity and everything, a tor2web service
should always choose a random rendezvous relay for every circuit, and
ideally (don't know if it's possible in reverse proxy mode) re-use the
same circuit to the same hidden service if there are multiple visitors
(tor2web clients) asking to connect to the same hidden service. If
this is not possible (using one circuit per hidden service
destination, regardless if there are more people accessing that hidden
service address via tor2web) at least it should pick randomly
rendezvous relays for every circuit.

This way, no rendezvous nodes will be banned. And the number of
rendezvous circuits we allow with a single relay as rendezvous point
is of course dependent on the popularity of the hidden service (total
number of rendezvous circuits built by that hidden service in the last
24 hours). So if a hidden service experienced 10000 rendezvous
circuits in the last 24 hours, a relay with middle probability
fraction of 0.5% is able to build at least 10000 * 0.005 = 50 new
rendezvous circuits before might get banned for the next 24 hours by
that hidden service.

P.S. Picking the same rendezvous relays in tor2web services sounds
like we are hammering them too much.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWpPeBAAoJEIN/pSyBJlsRxycIAMKKsc4CpTDbJ90W30tKVwVl
637mDZfAFbM3goNnRQvyjgbDBvyPGhtrkJkVrLHRpSJ1xszd06W3aYVVlIVn4AtD
ZVKImkFZK7qKjwEVRmFEAUBO/m8PSWWjpz17zB93sJJYZrSDI5ypVWBJpXAqy8fI
iOeirexvLU8XsxJowXT/thQFvC9F26IZbAjUSkwkZjoxHe846NulZobnrSECls6U
G6i9J9pYejWUFK0uBORFk2RTqyEzRUEPefOfkmT3+ytGJrM7yBbUoYbNXElinDmb
YxeaK0TFIbYcaot0JEML06T4P6+/jKEFeYMZLUE5GtPIiMjUsw4g1lwacDI544o=
=0+Ba
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor

References:
- [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor

Prev by Author: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Next by Author: Re: [tor-dev] Much-revised draft, RFC: removing current obsolete clients from the network
Previous by thread: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Next by thread: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Index(es):
- Author
- Thread