[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proposal: Separate streams across circuits by destination port or destination host

On Tuesday 31 August 2010 01:42:51 Jacob Appelbaum wrote:
> On 08/25/2010 02:12 PM, Robert Hogan wrote:
> > So this is my take on the thread so far:
> > 
> > - We've zoned in on the fact that this proposal is really about
> > isolating applications on circuits rather than ports on circuits.
> I think so too.
> > - Isolating by destination address is likely to increase the number of
> > circuits the client builds by some scary quantity.
> I'm not sure that I'm entirely on board with that - I think for
> webbrowsing this is true but for ssh or other traffic, I'm not sure. I
> actually want five circuits when I start my Tor - one for IRC, one for
> ssh, one for ttdnsd, one for email stuff, another for jabber and so on.
> In most cases, I require a different circuit for each because I don't
> want to link _any_ of that data.

I wonder would adapting LongLivedPorts to enforce circuit isolation achieve 
this requirement without the risk of inducing exponential circuit creation. 
Since applications that use LongLivedPorts by definition require long-
running connections and create new connections relatively infrequently it 
seems like a good fit. 

Changing LongLivedPorts this way would all the problem-cases I can remember 
that gave rise to this proposal, most of which involved mixing chat/ssh/irc 
with browsing and the like.