Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote Fri, 23 Jul 2010 17:03:09 +0200:

| Filename: 171-separate-streams-by-port-or-host.txt

1. Is 'connections' a well-established term here? I'm thinking TCP connection, but that clearly doesn't make sense in a UDP context, such as DNS. One could use 'packet' in one way or another instead, I guess.

2.
> IsolateStreamsByPort will take a list of ports or optionally the
> keyword 'All' in place of a port list. The use of the keyword 'All'
> will ensure that all connections attached to streams will be
> isolated to separate circuits by port number.

Just to make it clear, would a packet sent to hostA:port1 end up on the same circuit as one sent to hostB:port1?

3. If 2 says yes, would this turn into a no if IsolateStreamsByHost was enabled?

4.
Remote: origin http://git.torproject.org/ioerror/tor.git Local: isolated-streams /u/src/tor.ioerror/ Head: b32947a tpyo correction Changes: Modified doc/spec/proposals/171-separate-streams-by-port-or-host.txt diff --git a/doc/spec/proposals/171-separate-streams-by-port-or-host.txt b/doc/spec/proposals/171-separate-streams-by-port-or-host.txt index 3f745dc..3bd0532 100644 --- a/doc/spec/proposals/171-separate-streams-by-port-or-host.txt +++ b/doc/spec/proposals/171-separate-streams-by-port-or-host.txt @@ -20,7 +20,7 @@ we must balance network load issues and stream privacy. The Tor network will not currently scale to one circuit per connection nor should it anytime soon. Circuits are currently created with a few constraints and are rotated within -a reasonable time window. This allows a rogue exit nodes to correlate all +a reasonable time window. This allows a rogue exit node to correlate all streams on a given circuit. Design: @@ -36,7 +36,7 @@ number. IsolateStreamsByHost will take a boolean value. When enabled, all connections, regardless of port number will be isolated with separate circuits per host. If this option is enabled, we should ensure that the client has a reasonable -number of pre-built circuits to ensure percieved performance. This should also +number of pre-built circuits to ensure perceived performance. This should also intentionally limit the total number of circuits a client will build to ten circuits to prevent abuse and load on the network. This is a tradeoff of performance for anonymity. Tor will issue a warning if a client encounters this @@ -45,7 +45,7 @@ limit. Security implications: It is believed that the proposed changes will improve the anonymity for end -user stream privacy. The end user will no longer link all of their traffic at +user stream privacy. The end user will no longer link all of its traffic at a single exit node during a given time window. Specification:
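Review bot: the pronoun change in the third hunk ("all of their traffic" to "all of its traffic") reads worse than the line it replaces: "the end user" is a person, so "their" was already correct, and "its" makes the user sound like a device. Suggest dropping that hunk and keeping "their", or, if the aim is to avoid the singular pronoun altogether, rewording the sentence to "The end user's traffic will no longer all be linked at a single exit node during a given time window."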
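Review bot: the second hunk fixes the spelling of "perceived" but leaves the sentence reading "ensure that the client has a reasonable number of pre-built circuits to ensure perceived performance"; since this commit is a wording pass anyway, consider changing the second "ensure" to "preserve" so the sentence does not repeat itself.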