[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Path-spec - fast circuits

On Sat, Feb 13, 2010 at 5:33 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>     I've withheld comment on the above for a long time, mainly because
> I had intended to include it in a write-up that I still haven't found
> the time to do, but I really think it cannot be avoided any longer.
> I would greatly appreciate a justification for the presumption that
> any process other than the tor node in question can possibly provide
> a more accurate measurement of its data rate capacities.  Any other
> process, *even on the same computer*--much less anywhere else, can only
> measure the performance of the TCP connections between itself and the
> tor node in question, whereas the tor node in question has a complete
> picture of all of its simultaneous connections to all processes, wherever
> they may exist around the planet.

Right.  If I'm a Tor node, I have a better picture of my own actual
usage than any other process anywhere in the network.

But one big problem is that you have no guarantee whatsoever that I'm
telling you the truth about my measurements.  See for example Kevin
Bauer et al's "Low Resource Routing Attacks Against Tor."

As a hackish workaround, we had clipped the largest believable
self-reported bandwidth, so that a hosstile or broken server couldn't
trivially claim to have infinite capacity and attack or DOS the
network.  But this meant that genuinely high-capacity nodes got

Neither of the above points is imaginary; Bauer et al demonstrated
their attacks on planetlab, and the underutilized capacity really

(A smaller problem was that nodes were reporting their observed
bandwidth _usage_, whereas clients really care about the expected
performance of their circuits.)

Mike and others can probably talk more about the other issues here.

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/