
On Wed, Nov 7, 2012 at 12:51 AM, Roger Dingledine <arma@mit.edu> wrote:
On Tue, Nov 06, 2012 at 10:10:15PM -0500, Nick Mathewson wrote:
And if a very few do, maybe the solution is to move to a new TLS connection for those rare cases, rather than impose a 2-byte penalty on every cell in all cases.)
Maaaybe, but I sure can't think of a sane testable design for that. Can you? To do this sanely, we'd need to negotiate this before we exchange any actual data, and predict in advance that we'd want it. (We wouldn't want to do it on-the-fly for connections that happen to have large numbers of circuits: that way lies madness.)
Also, I think those "rare cases" are communications between the busiest Tor nodes. I think those communications might represent a reasonably large fraction of total Tor bytes, such that having a fallback mode might not save us so much.
Ah. By "a new TLS connection", I didn't mean a new design or anything -- I meant simply a second TLS connection.
I wouldn't feel very good about this route: there are enough places in our design that assume one canonical OR connection with any given relay that changing this assumption would be emphatically nontrivial and error-prone. On the other hand, reports of circuid ID exhaustion might be premature; I get no hits searching for "No unused circ IDs. Failing" except for our source code. Has anybody seem that warning IRL? -- Nick