[tor-bugs] #17592 [Tor]: Clean up connection timeout logic
#17592: Clean up connection timeout logic
---------------------------+--------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID: #16861
Points: | Sponsor:
---------------------------+--------------------------------
In #6799, it was decided to keep TLS connections open for a random amount
of time after they are idle, to defend against an attack that used
internal Tor network connectivity information to determine Guard nodes
(Slides:
https://www.cryptolux.org/images/8/85/ESORICS-2012-Presentation-2.pdf
Paper: https://eprint.iacr.org/2012/432.pdf).

Unfortunately, this logic (in connection_or_set_canonical()) is kind of a
mess. Relays and clients are treated the same, and client connections are
also kept alive for an additional hour by predictive circuit building even
when otherwise idle, whereas relays are not.

If we treat relays and clients separately for this timeout, we could
reduce total client keep-alive time significantly (down to 30 minutes or
so), and significantly increase relay connection lifetime. This should
result in reduced total connection counts on relays, with better defenses
against Torscan.

This is also needed in order to put reasonable bounds on padding overhead
in #16861 for mobile clients. Furthermore, aside from the wieners running
middle relays behind junky home routers who will whine about connection
overflow, having a more well-connected Tor network is a good idea for many
reasons (not just Torscan).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17592>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online