On Fri, 20 May 2016 12:03:59 -0400
Tim Wilson-Brown - teor <teor2345@xxxxxxxxx> wrote:

> > On 20 May 2016, at 11:59, Yawning Angel <yawning@xxxxxxxxxxxxxxx>
> > wrote:
> >
> > What's strange about it. The client does the path selection. To
> > build a circuit, the client must know the public keys/ip/port for
> > the entire path and the exit policy.
>
> Clients could get away with only knowing the key fingerprints for
> relays in their paths, except for their Guards, which are the only
> relays they connect to directly. (This might mean a protocol
> redesign, because I think we send IP and port as well as fingerprint
> at the moment.)

There's a reason why the EXTEND2 cells contain an IP/port, and also why
nodes don't enforce "traffic was from/is to something in the
consensus". The current existing design requires exactly what I stated
(Everything required for a client to craft an `EXTEND2` cell with a ntor
payload).

> But do we really need to?

No. The person is complaining about something with 16 MiB of
non-volatile storage anyway.

In general I would be against clever crypto based approaches to limit
the amount of data the client downloads, just because "client knows
everything and does path selection" is easy to reason
about/analyze/implement.

Maybe in the extreme long term this will make sense.

Regards,

-- 
Yawning Angel
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
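
Added example, not part of the original message and not Tor's own code: a sketch of the EXTEND2 body layout from tor-spec (link specifiers, then HTYPE/HLEN/HDATA with the ntor client handshake), showing which per-relay fields the client has to know to build it. Function names and all sample values are constructed for illustration; a real client would use a fresh Curve25519 public key for `client_pk`.

```python
import ipaddress
import struct

# Constants from tor-spec: link specifier types and the ntor handshake type.
LS_IPV4, LS_LEGACY_ID, HTYPE_NTOR = 0x00, 0x02, 0x0002

def link_specifier(lstype, body):
    """LSTYPE (1 byte) | LSLEN (1 byte) | LSPEC."""
    return struct.pack("!BB", lstype, len(body)) + body

def extend2_payload(ip, port, node_id, ntor_onion_key, client_pk):
    """Build an EXTEND2 body; every argument except client_pk is per-relay
    data the client has to have learned from the directory."""
    if (len(node_id), len(ntor_onion_key), len(client_pk)) != (20, 32, 32):
        raise ValueError("need 20-byte identity and 32-byte ntor/client keys")
    addr = ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)
    specs = [link_specifier(LS_IPV4, addr), link_specifier(LS_LEGACY_ID, node_id)]
    hdata = node_id + ntor_onion_key + client_pk  # ntor client handshake, 84 bytes
    return (bytes([len(specs)]) + b"".join(specs)
            + struct.pack("!HH", HTYPE_NTOR, len(hdata)) + hdata)

def parse_extend2(payload):
    """What the extending relay reads: where to connect and what to forward."""
    off, specs = 1, {}
    for _ in range(payload[0]):
        lstype, lslen = payload[off], payload[off + 1]
        specs[lstype] = payload[off + 2:off + 2 + lslen]
        off += 2 + lslen
    htype, hlen = struct.unpack_from("!HH", payload, off)
    hdata = payload[off + 4:off + 4 + hlen]
    if len(hdata) != hlen:
        raise ValueError("truncated handshake data")
    return specs, htype, hdata

# Constructed sample values (documentation address, dummy key bytes).
SAMPLE = extend2_payload("192.0.2.10", 9001, bytes(range(20)),
                         b"\x11" * 32, b"\x22" * 32)

if __name__ == "__main__":
    specs, htype, hdata = parse_extend2(SAMPLE)
    ip = ipaddress.IPv4Address(specs[LS_IPV4][:4])
    port = struct.unpack("!H", specs[LS_IPV4][4:])[0]
    print(f"{len(SAMPLE)} bytes; next hop {ip}:{port}; "
          f"htype {htype:#06x}; hlen {len(hdata)}")
```

The relay receiving this cell takes the next hop's address from the IPv4 link specifier in the cell itself, which is the part a fingerprint-only client could not fill in.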