[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor 0.1.0.1-rc is out



Thus spake Roger Dingledine (arma@xxxxxxx):

> This release incorporates automatic reachability testing for servers (the
> first step to getting rid of the 'verified servers' notion), uses pthreads
> if available to reduce server memory footprint, uses libevent so we can
> use better polling interfaces when available, handles slow/busy hidden
> services better, supports https proxies for clients, and fleshes out our
> controller interface. It also fixes a bunch of minor but annoying bugs.

Awesome. Hidden services are a *LOT* quicker. At least for web.

Though, as an aside, what is the potential weakness for them that was
mentioned offhand in your latest draft paper? Is this
exacerbated/lessened/unchanged by the changes?

Also, got a few other random questions:

>     - Better handling for heterogeneous / unreliable nodes:
>       - Annotate circuits w/ whether they aim to contain high uptime nodes
>         and/or high capacity nodes. When building circuits, choose
>         appropriate nodes.

Are there any plans to use the ReadHistory/WriteHistory fields in the
directory servers to also guide circuit creation? Like choosing nodes
whose bandwidth history is less than their average?

>       - This means that every single node in an intro rend circuit,
>         not just the last one, will have a minimum uptime.
>       - New config option LongLivedPorts to indicate application streams
>         that will want high uptime circuits.
>       - Servers reset uptime when a dir fetch entirely fails. This
>         hopefully reflects stability of the server's network connectivity.
>       - If somebody starts his tor server in Jan 2004 and then fixes his
>         clock, don't make his published uptime be a year.

Do directory servers otherwise refuse to accept servers that just come
online and immediately report high uptime? Otherwise there could be a
possible attack to try to get more people to use a node.

>     - Make hidden services try to establish a rendezvous for 30 seconds,
>       rather than for n (where n=3) attempts to build a circuit.

Is this option tunable? Does it have any effect on hidden service
security?


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs