[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Hidden Service Scaling Summer of Privacy Project
On 5/26/15, Donncha O'Cearbhaill <donncha@xxxxxxxxxx> wrote:
> I am interested in hearing from all existing hidden service operators.
speaking for two,
> In particular I'd like to understand the use-cases,
- file distribution
- "web services", etherpad, ethersheet, webdav
- overlay network (tun/tap)
file distribution and chat.
fragility; zooko's triangle. (see also namecoin and onion name service
experiments for bootstrap)
> There have been anecdotal reports on the Tor
> bug tracker that hidden services have trouble scaling to more than 100
> concurrent connections . Is this something that operators here have
it would be nice to speak of hidden service establishment rates across
distinct number of onions, rather than a simple frequency counter.
specifically, high establishment rates over many onions is the most
performance intensive use case unless under attack of any myriad
conversely, if in a constrained environment like old computer or small
device, using only a couple onions, for light traffic is advised.
> There has also been recent DoS campaigns affecting Tor
> hidden services which have been challenging to mitigate.
one word: blowback.
[ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]
> In my project I hope to produce a tool which will allow a hidden service
> to be backed my multiple Tor instances which can be spread across
> multiple servers and geographical locations.
in the 50G mirror experiment, even while under volatile network
conditions, this technique - using many concurrently active onions -
worked well and kept throughput and availability consistently robust.
bigsun dist uses 9 onions across three physical hosts, for reference.
> - Redundant hidden service hosting with no single point of failure.
> - Secure storage of hidden service keys away from the Tor service on
> smartcards or HSM's
> - From a security perspective, would you prefer to minimize the
> software running on the onion service instance servers or minimize
> connections to the management server which has access to the service keys?
both, #3 useful.
> I've anyone has time to share, I'd be very interested in learning about
> your experiences and current challenges. I'd also be delighted to hear
> about any other features that may be useful to the HS community.
this should be a trac, wiki, or doc? :P
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to