On Tue, Nov 06, 2012 at 10:10:15PM -0500, Nick Mathewson wrote:
> > And if a very few do, maybe the solution is to
> > move to a new TLS connection for those rare cases, rather than impose
> > a 2-byte penalty on every cell in all cases.)
>
> Maaaybe, but I sure can't think of a sane testable design for that. Can
> you? To do this sanely, we'd need to negotiate this before we exchange any
> actual data, and predict in advance that we'd want it. (We wouldn't want to
> do it on-the-fly for connections that happen to have large numbers of
> circuits: that way lies madness.)
>
> Also, I think those "rare cases" are communications between the busiest Tor
> nodes. I think those communications might represent a reasonably large
> fraction of total Tor bytes, such that having a fallback mode might not
> save us so much.

Ah. By "a new TLS connection", I didn't mean a new design or anything --
I meant simply a second TLS connection.