On Wed, Nov 7, 2012 at 12:51 AM, Roger Dingledine arma@mit.edu wrote:
On Tue, Nov 06, 2012 at 10:10:15PM -0500, Nick Mathewson wrote:
And if a very few do, maybe the solution is to move to a new TLS connection for those rare cases, rather than impose a 2-byte penalty on every cell in all cases.)
Maaaybe, but I sure can't think of a sane testable design for that. Can you? To do this sanely, we'd need to negotiate this before we exchange
any
actual data, and predict in advance that we'd want it. (We wouldn't want
to
do it on-the-fly for connections that happen to have large numbers of circuits: that way lies madness.)
Also, I think those "rare cases" are communications between the busiest
Tor
nodes. I think those communications might represent a reasonably large fraction of total Tor bytes, such that having a fallback mode might not save us so much.
Ah. By "a new TLS connection", I didn't mean a new design or anything -- I meant simply a second TLS connection.
I wouldn't feel very good about this route: there are enough places in our design that assume one canonical OR connection with any given relay that changing this assumption would be emphatically nontrivial and error-prone.
On the other hand, reports of circuid ID exhaustion might be premature; I get no hits searching for "No unused circ IDs. Failing" except for our source code. Has anybody seem that warning IRL?