[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: no circuit loops?
On Sat, Oct 25, 2003 at 05:24:10AM -0400, Roger Dingledine wrote:
> On Fri, Oct 24, 2003 at 10:55:25AM +0100, Andrei Serjantov wrote:
[snip]
>
> Yes, this is an additional constraint. So that gives us:
> * the first hop is either fixed or totally free
> * the last hop must be something with an ok exit policy
> * the first hop and the last hop must be different
> * no two adjacent routers should share the same onionskin key
>
> Did I miss any?
>
An ABA loop in a circuit hides nothing from either A or B. The
possibility of it might prevents some inferences on the part of others
that we have been discussing in other messages. But not much unless
there are two links between them or other things we haven't even
broached; an observer on the link or on their network interfaces will
see this, absent a padding scheme (which we are not now pursuing), and
other nodes not able to directly observe will find this
indistinguishable from a delay at A, even if they are part of the
circuit. Also, given the geometric distribution and the first-last
constraint, most of these are going to be four hop circuits, i.e.,
this loop will be at one end or the other. Somehow just adding delay
at the first or exit node seems more emphatically wasteful of
overhead. And since everybody knows the distribution, a bad B will be
able to infer with high probability the entry and exit points. So why
give more info to the adversary without any added protection? This is
all the worse for enclave level protection. The upshot is that I
think we should probably require loops to be at least ABCA. Comments?
aloha,
Paul