
Re: [tor-dev] Proposal 236, Single-guard designs, and directory guards



On Mon, May 5, 2014 at 12:07 PM, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
> I noticed that proposal 236 doesn't mention directory guards. (See
> proposal 207, implemented in Tor 0.2.4.)  I think that we should
> consider retaining multiple directory guards while going to a single
> guard for multi-hop circuits.
...
> I also think that most of the arguments for single-guard apply to
> circuit guards more than to directory guards.  But there could be some
> left, and we should figure those out.

I think I mostly agree that having multiple directory guards should
not be as significant a threat as multiple circuit guards.  But:
- Having directory guard(s) besides the circuit guard *will* increase
vulnerability to guard fingerprinting, as in #10969 and
https://lists.torproject.org/pipermail/tor-dev/2013-September/005424.html

- My directory guard knows when I'm using Tor, and so will be in a
position to conduct long-term intersection attacks against sites with
public logs or timestamps (e.g., IP w.x.y.z is always online when
"SecretHandle" tweets). Having more guards increases vulnerability to
this kind of attack.  Would it make sense to relay directory requests
through circuit guards to avoid this?



-- 
------------------------------------------------------------------------
Nicholas Hopper
Associate Professor, Computer Science & Engineering, University of Minnesota
Visiting Research Director, The Tor Project
------------------------------------------------------------------------
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev