Ian Goldberg: > On Mon, May 28, 2018 at 01:10:21PM +0300, George Kadianakis wrote: > > 2.2. Path restriction changes > > > > In order to avoid information leaks and ensure paths can be built, path > > restrictions must be loosened. > > > > In particular, we allow the following: > > 1. Nodes from the same /16 and same family for any/all hops > > 2. Guard nodes can be chosen for RP/IP/HSDIR > > 3. Guard nodes can be chosen for hop before RP/IP/HSDIR. > > > > The first change prevents the situation where paths cannot be built if two > > layers all share the same subnet and/or node family. It also prevents the > > the use of a different entry guard based on the family or subnet of the > > IP, HSDIR, or RP. > > > > The second change prevents an adversary from forcing the use of a different > > entry guard by enumerating all guard-flaged nodes as the RP. > > > > The third change prevents an adversary from learning the guard node by way > > of noticing which nodes were not chosen for the hop before it. > > To be clear, you are proposing removing these path restrictions for > which circuits? All? All HS-related? All HS-related, but only if the > new options are turned on? Just if the new options are turned on. We're still working out all the details about what to do with path restrictions in general/default cases as part of Proposal #291 (see the "Proposal #291 Properties" thread). We may decide to change the vanguard restriction behavior as we finalize the restriction story for all of the other cases. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev