On Wed, Nov 7, 2012 at 12:51 AM, Roger Dingledine <arma@mit.edu> wrote:
On Tue, Nov 06, 2012 at 10:10:15PM -0500, Nick Mathewson wrote:
> > And if a very few do, maybe the solution is to
> > move to a new TLS connection for those rare cases, rather than impose
> > a 2-byte penalty on every cell in all cases.)
>
> Maaaybe, but I sure can't think of a sane testable design for that.  Can
> you?  To do this sanely, we'd need to negotiate this before we exchange any
> actual data, and predict in advance that we'd want it. (We wouldn't want to
> do it on-the-fly for connections that happen to have large numbers of
> circuits: that way lies madness.)
>
> Also, I think those "rare cases" are communications between the busiest Tor
> nodes.  I think those communications might represent a reasonably large
> fraction of total Tor bytes, such that having a fallback mode might not
> save us so much.

Ah. By "a new TLS connection", I didn't mean a new design or anything --
I meant simply a second TLS connection.
 
I wouldn't feel very good about this route: there are enough places in our design that assume one canonical OR connection with any given relay that changing this assumption would be emphatically nontrivial and error-prone.

On the other hand, reports of circuit ID exhaustion might be premature; I get no hits searching for "No unused circ IDs. Failing" except for our source code.  Has anybody seen that warning IRL?


-- 
Nick