On 12/08/14 12:05, George Kadianakis wrote:
One missing piece of rend-spec-ng.txt [0] is a section on how HSes should pick their Introduction Points (IPs). There are three main questions here:
- How many IPs should an HS have?
- Which relays can be IPs?
- What's the lifetime of an IP?
There might be one additional question that you might want to consider considering, that of reconnecting to introduction points? [1]
1: https://trac.torproject.org/projects/tor/ticket/8239
This functionality is required for the particular HS scaling architecture discussed below.
Furthermore, as part of the Next Generation HSes initiative [0], we are considering enhancing the availability of HSes by allowing multiple nodes per Hidden Service. A plausible idea for achieving that is to allow multiple IP circuits per Introduction Point, as explained in [tor-dev] by Christopher Baines [1]. This means that IPs would work like this: https://people.torproject.org/~asn/hs/ip_placement_scaling.jpg where HS_1, HS_2 and HS_3 are the various nodes of the HS.
This allows the IPs to launch the following attacks:
a) IPs can learn the number of nodes of an HS, by counting the number of IP circuits on them. Also, the IPs can learn the prsense of the nodes of an HS, by looking at the state of their circuit.
b) IPs can choose which HS node will receive traffic.