On Thu, Oct 04, 2012 at 01:50:47PM -0400, Robert Ransom wrote:
18:04 <+eleitl> I wonder why they didn't choose UDP
Presumably because TCP was easier.
18:05 <@cjd> you need to fall back on tcp in case you're firewalled to hell
18:05 <+eleitl> Apparently, they're thinking about it
Yes. TCP was a bad choice for Tor.
That said, transporting IP packets end-to-end (i.e., having TCP sessions end-to-end across the network) is likely a bad choice as well. TCP is designed for a situation where the core pipes have extra capacity, and the edges are tiny. The Tor network is the opposite: the edges have lots of capacity, and the core network is overloaded. The result would be tens (hundreds?) of thousands of TCP streams all in slow-start talking over each other.
It's hard to win this one.
Do you have a "P2P design" for Tor which doesn't rely on trusted parties "maintaining signing secrets" and which isn't broken? (Hint: No, you don't.)
Do you have any "P2P design" for Tor at all which isn't broken?
For some reading, see http://freehaven.net/anonbib/#wpes09-dht-attack and all the papers around it.
18:10 <@cjd> If someone (with government hat?) tells you they can make your life hell... I wouldn't fault them for doing what the man says.
18:10 <@cjd> *wouldn't fault you
18:10 <+eleitl> I'll try bugging some Tor developers about that scenario, and see how they squirm.
See also
https://www.torproject.org/docs/faq#KeyManagement
https://gitweb.torproject.org/tor.git/blob/HEAD:/doc/contrib/authority-polic...
As for who the directory authority operators are, I suggest you attend one of the Tor developer meetings. I think we have enough diversity that nobody can roll over silently in a way that damages users.
If somebody wants to hack on https://metrics.torproject.org/consensus-health.html to make it better at noticing anomalies, please do.
18:11 <+eleitl> Also, the UDP connection thing.
18:11 <@cjd> You can "stack" your circuit setup packets if you're using UDP
18:11 <@cjd> stack -> all headers in the same packet
18:12 <@cjd> cjdns does the same thing
If this refers to including the circuit-extension packet which caused a relay to open an OR connection in the first UDP packet that it sends in order to open that connection, I agree that that would be a good thing to do, although mostly for reasons that cjd isn't mentioning.
If this refers to setting up a complete three-node Tor circuit with only one outgoing packet sent by the client, that can be implemented without a UDP-based transport (and early versions of Tor did implement it).
I think http://freehaven.net/anonbib/#sphinx-onion-fc10 is a good introduction to this topic.