
I'll split this off into a separate thread.

On Mon, 2016-10-03 at 09:43 +0000, Georg Koppen wrote:
> As a last and more general point in my mail I thought it might be good to point out that we need to have a discussion about whether your blinded token idea is actually a good solution to the problem at hand.

I'm concerned that CloudFlare's concerns over Token stockpiling, coupled with not doing stuff Roger asked for previously, like free GET requests, will result in a scheme that improves matters but still basically feels unusable. I'd worry less if CloudFlare's crypto folk were confident they could push through previous Tor requests like free GETs, or similar, either before or in tandem with deploying the token scheme. It'd be unfortunate if people spent oodles of time only for parameter choices to make the scheme remain quite painful.

Now if I understand CloudFlare's published blocking statistics for Tor relays, then CloudFlare sees roughly *two* Tor circuits as being bad at any given time, out of *all* Tor circuits, fewer if the bad Tor clients rotate circuits faster. This is quite a small set to detect. I cannot estimate the bad page loads from their published data though, but presumably the detected bad page loads come from honey pot sites, so the actual bad page loads should be quite numerous, which helps.

It'd be helpful if CloudFlare could provide some data from which we can estimate bad page loads, so that we can meaningfully discuss issues like token stockpiling.

Best,
Jeff