Re: [tor-talk] Hidden Service Scaling Summer of Privacy Project
On 5/26/15, Donncha O'Cearbhaill <donncha@xxxxxxxxxx> wrote:
> ...
> I am interested in hearing from all existing hidden service operators.
speaking for two,
> In particular I'd like to understand the use-cases,
- file distribution
- "web services", etherpad, ethersheet, webdav
- XMPP
- IRC
- overlay network (tun/tap)
> priorities
file distribution and chat.
> limitations
fragility; zooko's triangle. (see also namecoin and onion name service
experiments for bootstrap)
> There have been anecdotal reports on the Tor
> bug tracker that hidden services have trouble scaling to more than 100
> concurrent connections [2]. Is this something that operators here have
> experienced?
it would be nice to speak of hidden service establishment rates across
distinct number of onions, rather than a simple frequency counter.
specifically, high establishment rates over many onions is the most
performance intensive use case unless under attack of any myriad
sort...
conversely, if in a constrained environment like an old computer or small
device, using only a couple onions for light traffic is advised.
> There have also been recent DoS campaigns affecting Tor
> hidden services which have been challenging to mitigate.
one word: blowback.
[ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]
> In my project I hope to produce a tool which will allow a hidden service
> to be backed by multiple Tor instances which can be spread across
> multiple servers and geographical locations.
in the 50G mirror experiment, even while under volatile network
conditions, this technique - using many concurrently active onions -
worked well and kept throughput and availability consistently robust.
bigsun dist uses 9 onions across three physical hosts, for reference.
> - Redundant hidden service hosting with no single point of failure.
#1 useful.
> - Secure storage of hidden service keys away from the Tor service on
> smartcards or HSMs
#2 useful.
> - From a security perspective, would you prefer to minimize the
> software running on the onion service instance servers or minimize
> connections to the management server which has access to the service keys?
both, #3 useful.
> If anyone has time to share, I'd be very interested in learning about
> your experiences and current challenges. I'd also be delighted to hear
> about any other features that may be useful to the HS community.
this should be a trac, wiki, or doc? :P
best regards,