[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

no circuit loops?



I was just looking over the tor-spec and was thereby reminded that we
don't allow any loops in a circuit. I don't remember talking about
this. Remind me if we have already.

On the one hand, a loop has an obvious threat from any "repeat node" since
it can trivially recognize circuits with that loop and thus bypass it
(long range padding and leaky pipes could reduce this slightly, but
still...).

On the other hand, the absence of loops gives information about a
circuit. E.g., there is an observer on OR_1's network connections.
Alice connects through OR_1, OR_2, OR_3, OR_4, OR_5.  OR_4 is bad.
The adversary can now rule out OR_2 and OR_3 as exit points
even though their net connections are not visible to it.

I suspect the first threat is more likely and significant than
anything in the second category given our parameters and
assumptions. But, I'd be happier with a bit of convincing.

aloha,
Paul