[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20082 [Core Tor/Tor]: Lower initial descriptor upload delay for hidden services



#20082: Lower initial descriptor upload delay for hidden services
-------------------------------------------------+-------------------------
 Reporter:  twim                                 |          Owner:
     Type:  enhancement                          |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, research, TorCoreTeam201610  |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:  teor                                 |        Sponsor:
                                                 |  SponsorR-can
-------------------------------------------------+-------------------------

Comment (by asn):

 Hello, I haven't had the time to review the patch yet.

 My understanding is that the patc makes the default delay be 3s but we
 will have a torrc option to bump it up to 30s + random()?

 I'm having trouble understanding the point of this torrc option? Who would
 enable it and for what reason? IMO, it's just going to go unused and
 contribute to our increasing torrc option bloat.

 I feel that there is no point in doing probabilistic delays here without a
 proper security analysis of what they offer, and I have not seen one of
 those yet. Just saying "it obfuscates startup time" is not a security
 analysis IMO. Who does it obfuscate it from, what attacks are prevented,
 and why did we choose that random value? Most importantly, _who_ should
 enable that torrc option?

 Till this security analysis actually arrives, I'm inclined to just change
 the default delay to constant 3s, and get done with it without extra torrc
 options. Please let me know if I'm too absolute.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20082#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs