
Re: Question on router to router communication



On Wed, Sep 05, 2007 at 09:58:37AM -0700, Michael_google gmail_Gersten wrote:
> I've noticed that my tor configured as a client will only have one
> outgoing TCP connection to an entry node, no matter how many circuits
> Vidalia shows as going to that entry guard.
> 
> I'm assuming that this continues on other router to router channels --
> if there are three circuits that go from (for example) desync to
> Tonga, there will only be one TCP connection.
> 
> Is this necessary from a security standpoint? Tor can be sped up if
> that "one channel per pair" restriction can be broken.

Probably, yes?  Otherwise, it is trivial for an external attacker to
separate individual circuits and trace them more easily.  (It may be
possible to do this anyway with traffic analysis techniques, but also
maybe not.)

For more information on the Tor design, you might want to check out
the design paper at http://tor.eff.org/doc/design-paper/tor-design.pdf .

> (Just like IP itself. A layer two connection between two nodes has (I
> forget exactly) 8 channels, each of which can only have one
> outstanding packet. Allowing Tor to have multiple channels between two
> nodes will prevent a single stopped TCP from stopping all traffic
> going that way.)

Another long-term solution is possibly to switch to a UDP transport
between Tor servers (using DTLS in place of TLS) and then provide
reliability and ordering at a higher layer of the protocol.
Unfortunately, this is pretty hard, and we don't have a really solid
idea of how to do it best.

yrs,
-- 
Nick Mathewson
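To make the tradeoff in the thread concrete, here is an added toy model (not code from the thread, and not Tor's real wire format) of one channel between a pair of relays carrying several circuits. It borrows only the idea that each cell carries a circuit ID so the receiving relay can demultiplex; the cell size, command values and `Channel`/`observer_view` helpers are constructed for illustration. It shows the three points raised above: circuits are separated only by the endpoints that hold the keys, an on-path observer of the encrypted channel sees a single connection and a cell count rather than per-circuit streams, and a stalled TCP connection blocks every circuit sharing it (head-of-line blocking).

```python
import struct
from collections import defaultdict

# Simplified cell layout (constructed; Tor's real cells are larger and
# have a different header): 2-byte circuit ID, 1-byte command, fixed payload.
CELL_PAYLOAD = 16
CELL_SIZE = 3 + CELL_PAYLOAD
CMD_RELAY = 0x03  # hypothetical command value for "relay data"


def pack_cell(circ_id: int, command: int, payload: bytes) -> bytes:
    """Serialize one fixed-size cell; payload is zero-padded."""
    if len(payload) > CELL_PAYLOAD:
        raise ValueError("payload too large for one cell")
    return struct.pack("!HB", circ_id, command) + payload.ljust(CELL_PAYLOAD, b"\x00")


def unpack_cell(data: bytes):
    """Inverse of pack_cell; returns (circ_id, command, padded payload)."""
    circ_id, command = struct.unpack("!HB", data[:3])
    return circ_id, command, data[3:CELL_SIZE]


class Channel:
    """One transport connection between two relays shared by many circuits."""

    def __init__(self) -> None:
        self.buffer = bytearray()
        self.stalled = False  # models a TCP connection that has stopped moving

    def send(self, circ_id: int, command: int, payload: bytes) -> None:
        # Cells from all circuits are queued on the same connection.
        self.buffer += pack_cell(circ_id, command, payload)

    def deliver(self) -> bytes:
        """Bytes that reach the peer. A stalled connection delivers nothing,
        so every circuit multiplexed on it is blocked, not just one."""
        if self.stalled:
            return b""
        out = bytes(self.buffer)
        self.buffer.clear()
        return out


def demultiplex(stream: bytes) -> dict:
    """What the receiving relay (which can decrypt the channel) recovers:
    per-circuit payloads, keyed by circuit ID."""
    circuits = defaultdict(list)
    for off in range(0, len(stream), CELL_SIZE):
        circ_id, _cmd, payload = unpack_cell(stream[off:off + CELL_SIZE])
        circuits[circ_id].append(payload.rstrip(b"\x00"))
    return dict(circuits)


def observer_view(wire_len: int) -> dict:
    """What a passive on-path observer without the channel keys learns from
    the transport: one connection and a count of equal-sized cells. Which
    cell belongs to which circuit is not visible at this layer."""
    return {"connections": 1, "cells": wire_len // CELL_SIZE}


def demo():
    """Three circuits over one channel; returns (observer view, relay view)."""
    ch = Channel()
    ch.send(1, CMD_RELAY, b"circ1-a")
    ch.send(2, CMD_RELAY, b"circ2-a")
    ch.send(1, CMD_RELAY, b"circ1-b")
    ch.send(3, CMD_RELAY, b"circ3-a")
    wire = ch.deliver()
    return observer_view(len(wire)), demultiplex(wire)


def head_of_line_blocking() -> dict:
    """Stalling the single shared connection stops all circuits at once."""
    ch = Channel()
    ch.send(1, CMD_RELAY, b"circ1-a")
    ch.send(2, CMD_RELAY, b"circ2-a")
    ch.stalled = True
    return demultiplex(ch.deliver())  # empty: nothing from any circuit arrives


if __name__ == "__main__":
    print(demo())
    print(head_of_line_blocking())
```

Separate connections per circuit would remove the head-of-line coupling that `head_of_line_blocking` models, but would also give the observer in `observer_view` one connection per circuit to count and time, which is the linkability concern the reply raises.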
