[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #25347 [Core Tor/Tor]: Tor keeps on trying the same overloaded guard over and over
#25347: Tor keeps on trying the same overloaded guard over and over
-------------------------------------------------+-------------------------
Reporter: teor | Owner: asn
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.0.6
Severity: Normal | Resolution:
Keywords: 031-backport, 032-backport, | Actual Points:
033-must, tor-guard, tor-client, tbb- |
usability-website, tbb-needs, |
033-triage-20180320, 033-included-20180320 |
Parent ID: #21969 | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mikeperry):
If this behavior is infrequent, then it is probably a good idea not to
rotate guards unless we get a *lot* of destroys.
I don't like the fact that by not doing anything about this, we're
allowing a confirmation/search attack where an adversary can DoS guards
until a hidden service becomes (mostly) unreachable, and I would argue
that such an attack is worse than moving to a different guard, but that
attack could also be mitigated by just having two guards instead of one
(since it is harder to keep pairs of guards offline simultaneously during
a search for such a confirmation).
So I accept the NACK of the patch (and the second commit in #25705), but I
think we should not forget what this decision means wrt DoS and
confirmation.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25347#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs