Re: Proposal: Separate streams across circuits by destination port or destination host
On Tuesday 31 August 2010 01:42:51 Jacob Appelbaum wrote:
> On 08/25/2010 02:12 PM, Robert Hogan wrote:
> > So this is my take on the thread so far:
> >
> > - We've zoned in on the fact that this proposal is really about
> > isolating applications on circuits rather than ports on circuits.
>
> I think so too.
>
> > - Isolating by destination address is likely to increase the number of
> > circuits the client builds by some scary quantity.
>
> I'm not sure that I'm entirely on board with that - I think for
> webbrowsing this is true but for ssh or other traffic, I'm not sure. I
> actually want five circuits when I start my Tor - one for IRC, one for
> ssh, one for ttdnsd, one for email stuff, another for jabber and so on.
> In most cases, I require a different circuit for each because I don't
> want to link _any_ of that data.
>
I wonder would adapting LongLivedPorts to enforce circuit isolation achieve
this requirement without the risk of inducing exponential circuit creation.
Since applications that use LongLivedPorts by definition require long-
running connections and create new connections relatively infrequently it
seems like a good fit.
Changing LongLivedPorts this way would address all the problem-cases I can remember
that gave rise to this proposal, most of which involved mixing chat/ssh/irc
with browsing and the like.
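
A rough model of the circuit counts discussed in this thread, added here as an example; it is not part of the original message and not Tor code. The policy functions, the three-port `LONG_LIVED_PORTS` sample, the reading of the proposal as "one circuit per long-lived port", and the workload are all assumptions constructed for illustration.

```python
from collections import namedtuple

Stream = namedtuple("Stream", "host port")

# Assumption: a small sample of long-lived ports (ssh, jabber, IRC).
LONG_LIVED_PORTS = {22, 5222, 6667}

def no_isolation(stream):
    """Every stream may share one circuit."""
    return "shared"

def by_destination_host(stream):
    """One circuit per destination host."""
    return ("host", stream.host)

def by_long_lived_port(stream):
    """Modelled variant of the LongLivedPorts idea: each long-lived port
    gets its own circuit; all other streams keep sharing."""
    if stream.port in LONG_LIVED_PORTS:
        return ("port", stream.port)
    return "shared"

def circuits_needed(streams, policy):
    """Number of distinct circuits the policy forces for this workload."""
    return len({policy(s) for s in streams})

def linkable(a, b, policy):
    """True if both streams would ride the same circuit (same exit sees both)."""
    return policy(a) == policy(b)

def sample_streams():
    # Constructed workload: one browsing session touching 40 hosts,
    # two ssh sessions, one IRC and one jabber connection.
    web = [Stream("cdn%d.example" % i, 443) for i in range(40)]
    other = [Stream("shell-a.example", 22), Stream("shell-b.example", 22),
             Stream("irc.example", 6667), Stream("jabber.example", 5222)]
    return web + other

if __name__ == "__main__":
    streams = sample_streams()
    for policy in (no_isolation, by_destination_host, by_long_lived_port):
        print(policy.__name__, circuits_needed(streams, policy))
```

In this model the two ssh sessions still share a circuit under the port-based policy, which is the linkability that per-host isolation would remove at the cost of the much higher circuit count.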