[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #2286 [Tor Relay]: We still use self-published relay bandwidth sometimes
#2286: We still use self-published relay bandwidth sometimes
-----------------------+----------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version:
Keywords: | Parent:
-----------------------+----------------------------------------------------
There's a gap between when a new relay shows up and when there are enough
Measured votes from the directory authorities that we use the measured
bandwidth in the consensus. So all the various papers that talk about
"just run a tiny relay and advertise it as a huge relay" are not actually
solved yet -- their algorithm should just be modified to add "for a few
days".
(Actually, this bug isn't quite as bad as it could be, since you need to
be around for 3 or 5 days in order to get the Guard flag. I wonder how
quickly measurements are ready in general, i.e. who wins the race here.)
I suggest three fixes:
A) There should be a quite low cap (e.g. 50KB) for bandwidth weightings in
the consensus if there aren't enough Measured votes. I wonder if the 50KB
should be a fixed number (in which case we could just have the directory
authorities vote it, and not need to change the consensus method), or a
function of the overall numbers in the consensus (which would require a
new consensus method, but could pick a smarter cap given that some relays
have really bloated bandwidth weights).
A') Somebody should evaluate how much of our overall capacity we'd be
cutting, and what effect this cutting has on our entropy.
B) To reduce the harm to the network (since new relays would be
contributing much less), we should teach the bwauth scripts to measure new
relays more aggressively, to shorten this window.
C) The longer term solution is that we need to integrate Robin and
Nikita's secure bandwidth estimation stuff -- right now Mike's bwauth
scripts believe your self-advertised number and then tweak it based on
what they see, so you'll still get a much higher number if you self-
advertise a much higher number. Open research question how to improve
security here without sacrificing too much accuracy and without adding too
much load to the network.
Added with 0.2.3.x as the milestone, since we should do it pretty soon but
we can make the change in the directory authorities so timing isn't
critical.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2286>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs