On Tue, Nov 6, 2012 at 9:55 PM, Roger Dingledine <arma@mit.edu> wrote:
On Tue, Nov 06, 2012 at 09:36:34PM -0500, Nick Mathewson wrote:
>    Relays are running out of circuit IDs.  It's time to make the field
>    bigger.

I don't doubt the second sentence, but is the first sentence actually
true? Do we have any evidence / measurements / something here?

(Since circids are relative to the connection they're on, it's not clear
to me that any given TLS connection accrues more than a few tens of
thousands of circuits.

I think that's enough?  32K from A to B, or from B to A, is where we run out.  So if A is a popular middle node, and B is a popular exit, most of the circuits between A and B will be A->B.  So if we get "a few tens of thousands" of circuits from A to B, we hit the limit.
 
And if a very few do, maybe the solution is to
move to a new TLS connection for those rare cases, rather than impose
a 2-byte penalty on every cell in all cases.)

Maaaybe, but I sure can't think of a sane testable design for that.  Can you?  To do this sanely, we'd need to negotiate this before we exchange any actual data, and predict in advance that we'd want it. (We wouldn't want to do it on-the-fly for connections that happen to have large numbers of circuits: that way lies madness.)

Also, I think those "rare cases" are communications between the busiest Tor nodes.  I think those communications might represent a reasonably large fraction of total Tor bytes, such that having a fallback mode might not save us so much.

And also, this only adds 1/256 additonal overhead before TLS happens.  Not huge IMO.  We could save far more than that by more intelligent TLS use, if we needed to.

-- 
Nick