[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 292: Mesh-based vanguards

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 292: Mesh-based vanguards
From: Ian Goldberg <iang@xxxxxxxxxxxxxxx>
Date: Mon, 28 May 2018 09:00:27 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 28 May 2018 09:00:43 -0400
In-reply-to: <87tvqsccqa.fsf@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87tvqsccqa.fsf@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.24 (2015-08-30)

On Mon, May 28, 2018 at 01:10:21PM +0300, George Kadianakis wrote:
> 2.2. Path restriction changes
> 
>   In order to avoid information leaks and ensure paths can be built, path
>   restrictions must be loosened.
> 
>   In particular, we allow the following:
>      1. Nodes from the same /16 and same family for any/all hops
>      2. Guard nodes can be chosen for RP/IP/HSDIR
>      3. Guard nodes can be chosen for hop before RP/IP/HSDIR.
> 
>   The first change prevents the situation where paths cannot be built if two
>   layers all share the same subnet and/or node family. It also prevents the
>   the use of a different entry guard based on the family or subnet of the
>   IP, HSDIR, or RP.
> 
>   The second change prevents an adversary from forcing the use of a different
>   entry guard by enumerating all guard-flaged nodes as the RP.
> 
>   The third change prevents an adversary from learning the guard node by way
>   of noticing which nodes were not chosen for the hop before it.

To be clear, you are proposing removing these path restrictions for
which circuits?  All?  All HS-related?  All HS-related, but only if the
new options are turned on?
-- 
Ian Goldberg
Professor and University Research Chair
Cheriton School of Computer Science
University of Waterloo
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal 292: Mesh-based vanguards
  - From: George Kadianakis

Prev by Author: Re: [tor-dev] Proposal: Tor bandwidth measurements document format
Next by Author: Re: [tor-dev] HS v3 client authorization types
Previous by thread: [tor-dev] Proposal 292: Mesh-based vanguards
Next by thread: [tor-dev] (no subject)
Index(es):
- Author
- Thread