[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] tor relay process health data for operators (controlport)
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] tor relay process health data for operators (controlport)
- From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
- Date: Tue, 5 Feb 2019 15:46:02 +0000
- Autocrypt: addr=irl@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFZp8zEBEACxOYriD+tEuc3Wpnbh+GGnyiaLEMABBrfn6JlDQphbBq/YTz9M9OPkttjx hLL/yrxlM1nD69XbGKQ9gIL3LEgOz9+OdivPbN+Q5iNMqk/WCQUqd3bCFbbsn1yvoTumFy9S 9kYX45Db3jRJoN/Nye6Stf7KKPxHxot14iY+PUR/5Gx5KbeWVKfDtQejGnhxQD73KjrX4wds BAaxnQ7KbjQyUf+IxE+8qSDcyTP+pPqxspVzx+eFqsW5+kK1eJMHxJmY/KsAs6IsGf5lvyDJ JECc2iE0mFS6vc14lGcD7BAYMPRnvlK3OcDlbdJS3ZU0LQu3/AplM7cNcesq2Btm06OUTsbj 10ZiyLi7Q0WZRuUbn7t3jOQVyOlNfjUpJhKPMMobBL2R0KzcptJbUrKc08wZD/TPaXuHKWAE JuA6kFMXtHhV8Qhxz5/d2KUA8ex+zpVd2xSR6q4llcYu1w8zHZtLN+YKSmjjKs+AjiTrCMYs OYxt4cwxuaIIhBNvCC9WqZOxHX7YHmpVcSV6K9Wwhk9mVIU3Ii0G2HWs6OQ0vIueCDGMEdVk ig/a7cVlfXNz7WuaXuhOJmHz6d6Yk4dFn5mLbEY9cZhBxf5hjCwtp9b6v+ueuptfcnOd+38G 9KH6NyHKZyS4jcd3E6Dp0+9Isbl/EohjPCujevoW3/DlT08OKQARAQABtDRJYWluIFIuIExl YXJtb250aCAoVG9yIFByb2plY3QpIDxpcmxAdG9ycHJvamVjdC5vcmc+iQJUBBMBCgA+AhsD BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEqPe6UEHhMzOcuhaWdtWAk/VAq80FAlt13WQF CQX5OCkACgkQdtWAk/VAq82X9w/+Oe2jGxk2zQnukTAUVvbzmqoV3OFpMchFY6QOr1dxelEh RMZ331AJqLsbsBGpqrrt0z5717Y3VHWddWlJkwMgakrKPSqJ6Vm8CLnVZXdi92YWhC+NHMAr bTIprlxC6Qv7dDCf4HMC5z460S/5onEaQ51o4+aUm4+odGyeP/1UqxZqWf1uoUEIJHPKFCx0 9WpMeOUNNuFWkJNZnMxvpVJpIjMgZKd+HAQkczca0/ODVgMkK3VpqbhxO4VHTIknOqpzD+US cpa9hwZJqGt8eGYdBLmjD8qAsOQ6UMmzrEv/CLiBOnX5/5IBFkYBL69lq2Xg4uMtVV3ldTE6 HMpr9+as5YxOLP9mwRJuCCOZXZTAiLjKig3H/2OforfgwAuqQKRPdw0nSR/faFnbr/nL1FY3 8jeMx024MH85zuvZb4qRvDIxnDpR7/oEb58iCN1uvbuhODIej/1aRcRpl5tBTV8yX2OC0Fzd HOjelqFFD0Ks28mOOH+fWPq1x3jClU1zlJED2LgH6LjvoI64Mlh2+xt/i5W6AAlsmPYt8U4/ BfX89GJv055eyXZ8pSyhMPjR1UmgGd7yilYxhrEkbgTQLhudjA5xkzCZyu5Ij5+Pl4awQIXx c+owidHBUThOJFk3merzh62hHW/J3+s+fNlxkyB3L6f58CzK09Ktkv3Go7XXCQe5Ag0EWmt/ jQEQANhwgR5fq1Slk0T0Sh7Tkc5LjanQH1VuNTxOE7wzcYXrgva2ic4zdhLc2QHP9G4kz0AY /oLxtw5Sj/IMtdzBHKDBXgiqBmvkrz7mOZSQQh6K/JBcKau4MorzB80Z/Z6XQcfFKQh61+8e Im/I7AnJFUELxDe8CYmkJYKVJS9b+i9RNFvXAsamOkClcyXqPYBB9bBI8QlZHweTWDsXJqul xjHLjCWOQyJxfl9xFmlSJtskrLEmprw/PaOtXglrz/2vadn2lL3ack9V1ux9ALa5q8Oc6dnx vA/W3palFpdBoz75FckhRfliYNfdCpgo86w00bJvbJ1f6XfBIBYvsAvrIRWIkMYEmhTYm4xG gEDWz5CvGuuzkF7kJwfPdj1RgVe80JHr9OJc8ZrafBb/p35ldLxmhDi16j2VOj58CKwpi3En nMOMPteDxmCZrWeYKhfwgVAP4/zc4+9vmTp5Wpze00DnQ9MEinmJ2bxf6TyQP36Bf/8zgJVs rpqMOaumbwwmcUh85Q1PXneVWX2ryEv1I7xVMpW4APZDeOMiiHb+EpXPLTPBvXTerd/Pwzb7 WLKNpZI4tl/vh88INdrs3xZd174skDJNaNSnqzUP2kNYcxWZSH/FP4AH1IXvIxwIr9g0RpvY oX55ALOSQOdZ9ioCjf9x9mvnBsehcoEPrgozljzpABEBAAGJBHIEGAEKACYCGwIWIQSo97pQ QeEzM5y6FpZ21YCT9UCrzQUCXEHD0wUJAsOSPgJAwXQgBBkBCgAdFiEE/ps4MHN0fw3t6Aud F4mIfdjVvF0FAlprf40ACgkQF4mIfdjVvF0NJBAAuAVw1aY3IUtp8ZRI5xuhieVFDbye7z86 gP5KW8cAMKTpuowD7E3Rm31R2Pb5dX+vZlunSTBPuzRVnVNd6Kj7CR8BR426L48ogSUfIh4V IWiYxXn4DqqNGow+saPI8VwJ/y80NSb2v+qUdv7us052vs9UBBnI/zl8XrnUNix+B0g+jekT ENEVD9fNJ+9YE9cn80wLGKBx047id1IqgOeJShjE13WRj7sa+LhB8FtoOUeXduQ1sJBZTVJq XW9v0e2PNc37cc8VATrA+3HNSQJY1PETDxjJ1TW8gALpZQrfR+FDu/d2vALdULw/djCeIpl0 dr79isd6mINBKTkEcR8XPQjDUnrnO1U18YETo71N5Z6HpvaV5/XWLUl81wovddpVRvwbwuFP bJE506UiQJrthPKi6s670VBV6u5I+5+h6D+CHp1xp0Bq8PLz0EwqjZwOiLAByBT/ryD2ZY8+ 2rP9gphnEBcCtyp6Fz6Q0KyutpCPv94b4OU0eUTvl3Nroq2GWGGHAV+8r1uXpqdNSHxYmQgy b3H1dvObmE37L3BWrVNzeFb0USNiV04up/55QUrqrz7kLdBO0ZVMVLU3j7e48KcbJG2yzNHZ dnQa+ZMMIRFtm8vzSt+jEIwodi6nOeBgEiqODF8TZPbTc6183ErFoYc/FuhkUh0aR0MLZ92Q bPEJEHbVgJP1QKvNrVsP/Rd5Afh5cCw6p85wZ/a3HV0LwpZHsEHT4AnMXTt4WpBUfQ7LFKJ6 hW+/yrG63VX0z/N/BsxgWCa6j6yOXBgwEr0SLz0WHVEHVq1FOicYqnMJ5wQIpM73WROPAhL1 tIK5M9qCIoI8Lj/rpZ789PU9oQjSXVxuMni+Bws9ITEDbo/IHEqqzd/8eWxYXENd5RkSOt1n m0lKjkZXSjpHSPHkhllPGgNAHf/1PwkG6sh20aOzdnhZSliCShMWr9iovMhV2EhAmEZbYFBa hXeFkA53uP5X3CDWpzS2GRVjdN7kPbIZ/VBYoRxXRr7+5R/fbp5KQxR3emiN3os9hknJNi/3 5hmbQS5OB4YK1/dj0fTRFTw6huruBpI3aunj8HC4cntXmCG4f1xRkMpt/xVssdBqKsi88/sN z1Q5CGVIrv9QIS4E5/c8fLe1S9ncfPjCUY8DFcZHeu2FTZF8HJhHHbZpbBayIHwX4G/zMkYC ttbV1/AlIgjn6zMWZBTY0AaMtrOTzb0+NZvhkgu07dRQtr8AD1wVMeo/bVl1aFzXRC8CT3B4 S7BXR5iUl5yTvCo2Mh5CMHYzcl3pWCpUFUkvMENqpnA3dMJzLdc8K4ZsS52+zAOxc8+1Bw7n DCBWNhNHg8aLyS/poz4+YCiwFpy9pntl5zcHQ5H1qmPf9ScODUxIjrh7uQINBFprf6sBEADO ANf22so7uoGcvok2TM/T8BHI5+TqHEc4hVe+JGGJ1ZnWlgtGmpOs0fOQj3WAgGI0ZmTqMuoz KF/K9ljbjaMXsLD+JIBTD4rINy60VX2zHhmWhNaOcJvq+wbuHx0tMbhqsTStGnSkvRhH61nc MqVqlTTTLVQQSxKl9D2l7ZGwEPLHRFlydTOOix+F+Y1ehxYLVaPkaycs8wvgjYsDLo3T8Tmu OL+rcEfvxJ6lT2V5I51xqievqoBazAfXvA8FW/0G+Z9LUJmViOVluWg3xjP8okKYgOkOeX00 vMBCVaiEA08oaxY0ebS7uBEgppjWSwn+WAhB+6spd67d4W+DmAnM262lxFMhVYhXpfeV9zyg ULQOofdE6xtFkaxr/y8xQ4Bf7zX8ko6X9aFQFB/vc+zUtjzjg4VaQvWrThjaHlbEKR55MDxJ u2T9S7g5bR4zxZNv36gwlIdmx33a1AeR1nGcWa/7OtoS53+lUwyFVWLOnucqKh71Y38AAMd5 L9Fsb+ArQem71knEUTC+HvBGkPb2Y2PzGnnzhZyC8zgE8AjVD0wB+RMDNI3+fIW6biKAHDqr S6ZCVkzJ1R9nOjXMHRYZ5qlG+rCOeu6Jp4yNwp46z4PqiiLJ9NtmdNttLCEn5PDVF3g9g811 JcadvFVH1ZELoDGWMg3Q+QOHQBFYj7cj2QARAQABiQI8BBgBCgAmAhsMFiEEqPe6UEHhMzOc uhaWdtWAk/VAq80FAlxBw9MFCQLDkiAACgkQdtWAk/VAq82lng/9GcBEnk2jhvscAh90uMXU 8URP60ApuX4YcdHIM6YfUdT3Hu19N78TJt+BFwd4MXpvyhXINJMDRiDxYrR/ol1Tck/VO9la A3/0x4VPOiI/uluUXf6+VH3kuL6GUSNd2WmNcRK6oaygQ9ML92Ea5GzKa27U6d9DVbziYjdf KEcKB4PCWCoLT2pbIyIjSyCvfQ9YQ0GqxvDpOW6MqiRCNIbVRrdz+siMwoJbwkfj1VgL7yyD k/U8J6v9CtfYeppRCTySg0y1JCxuOm1C8VlH+DKFrHAqNL2u6f69UGrXnjymlvV16ovSqr1T IRWg6y1R/zAsc15AD0vKbsuJCtozfnX1s9C4U0hsVKps+QgfDQBoLYe7yjTxZtrezXLNwLI7 ZkABiZl147sPaw5lPW86/6RLvJz7iCJ4cle2/bErCo3ry0cDtoELnjD6JiN0OT9jicwqF5xR AyjFbti+qQuTkXh8ieJGmNXe3ltGfPai++G20PTVdSgMDERFQel2H0JoZZgNwiGw+8o+V8M2 /vD0rVor8DWGhPUUuIASZssfxN+LTZjldM0SkuqlYhcA0Hw060UC3pxbGxefcZdQybKHNH4I USrUy4zLp2LMVj5/sJPqDkl7zzJmloG+a3idXqHal4MIgTHu/qL/hrBWjBRhkGQck84sETTQ 4G0cqhioVn+pMFA=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Tue, 05 Feb 2019 10:46:20 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=pjoAHh 5m4NkJ+3yiIPhLq0xF0NDNb6gNxoOCdX1nXj4=; b=EjwFVbxiiE9TEvvBCzpsVl ZpCARFWuwjusi6kVmeIiyZVqZjtSmrJ3N2TfFYldq1KJM9xn2s6p00l0FIl0EFUp usJNSrc6rbmc7r/w2+JVxYQeZydYJA5CyCkrM5bHX7qBK6jnWC5gbO2oc21IOtUQ hQVd9i0JBexDb/Ou5fjleuILX3HDCcz4IMTzjzd9l7m5gy3y91duFnA2fCtlKS1w DW2NsQ0w/tHxGrtWkFDFA1kK3LwAI8D41VgHW6rLf49UjfWUEv2KllCI+Nzpl1gc h+us/a2ddFMkSRgc0XQdmN7DQkcmoUYMQC1kdL47TZYKmPENfSS0WKZHN2oP87Bw ==
- In-reply-to: <B286D4BB-D10C-4C35-B78C-78CD733510B5@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Organization: Tor Project
- References: <1d6ba0cf-b6ce-9ed9-ae86-d1b7f79166c1@riseup.net> <20190203131922.GA24711@raoul> <5ad8e63a-dbfb-0495-16d1-38e6da39af29@riseup.net> <B286D4BB-D10C-4C35-B78C-78CD733510B5@riseup.net>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
Hi All,
On 04/02/2019 06:35, teor wrote:
> If we add enough noise to protect most users, then we will have privacy by design.
I would argue that noise does not help here, as we would have to add
enough noise to protect against a guard discovery attack, which is too
much noise for the stats to be useful.
I only learned that these stats have such high resolution last week and
I'm very concerned about this.
Regarding limiting retention time, if I'm trying to pull off a guard
discovery attack then I'm probably going to be interested in only the
timeframe that relates to my attack. Retention periods aren't going to
help here and may in fact make it worse if LE suspects that the data
would disappear after a given time period and so issues an emergency
order that might be even more restrictive or carry heavier sanctions for
non-compliance.
Are the statistics in the extra-info descriptor really not useful for
the purpose of graphing to monitor health? If they are not then we
should come up with ways of addressing this but if they are then we
should not be retaining any more data than that which is already public.
If we think that the 6-hour statistics are safe to collect (which we
previously decided they were not when we changed the granularity of the
bandwidth stats) then we could add them to extra-info descriptors.
I am worried that exposing/retaining statistics without a proper review
of the attacks they enable, even with the best guidelines in the world,
is dangerous. If we have retention guidelines we also have no way to
enforce those and this could introduce a systemic weakness in the network.
I have filed #29344 to consider these things.
Thanks,
Iain.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev