Any objections to this approach? Is Orchid ready for this?
It seems like a good architecture to target. I'm not sure that the current Orchid codebase has gotten as much review yet as it would need before I'd be comfortable making it the default option, but an experimental build could be a fine idea.
(My two cents' worth; two cents not refundable)
Hi, Orchid (previously called JTor) author here,
I agree with Nick to be cautious about rushing out and replacing Tor with Orchid for really important projects. I believe that it works well and that it is implemented correctly and securely, but you may want to collect more opinions than just mine about that. Although Orchid is advertised as working on Android, the amount of testing on Android has been very light so far.
So please start using Orchid experimentally to discover bugs and other inadequacies, but for projects that can get away with using C Tor that's probably a better plan for now.
To help you decide if Orchid is appropriate for use here's a list of important things which have not (yet) been implemented:
* Path bias defense * Adaptive circuit build times (also, path bias depends on this?) * Stream isolation * Optimistic data * Control protocol * Publication of hidden services
(I don't understand the description of Adaptive CBT in the spec at all, so I would either need to blindly copy the implemenation from Tor (i.e circuitstats.c) or need help from the original author.)
--brl
On Mon, Dec 2, 2013 at 11:09 AM, Bruce Leidl bruce@subgraph.com wrote:
To help you decide if Orchid is appropriate for use here's a list of important things which have not (yet) been implemented:
- Path bias defense
- Adaptive circuit build times (also, path bias depends on this?)
- Stream isolation
- Optimistic data
- Control protocol
- Publication of hidden services
This makes me wonder: Would it be helpful to start compiling a big list of things which could go wrong with a Tor implementation without making it obviously broken? I think a checklist like that might help people working on compatible implementations to have some idea what to look for once you have something that interoperates. Would you have found that useful? Would you find that useful now?
yrs, -- Nick