[tor-bugs] #8240 [Tor]: Raise our guard rotation period

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 16 07:38:34 UTC 2013 

#8240: Raise our guard rotation period
----------------------------------------------------+-----------------------
 Reporter:  arma                                    |          Owner:                    
     Type:  defect                                  |         Status:  needs_review      
 Priority:  major                                   |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                                     |        Version:                    
 Keywords:  tor-client needs-proposal 023-backport  |         Parent:                    
   Points:                                          |   Actualpoints:                    
----------------------------------------------------+-----------------------
Changes (by arma):

 * cc: mikeperry, iang, tariq.ee, rpw (added)


Comment:

 Nick's patch raises the guard rotation period to ~9.5 months (from ~1.5
 months).

 If we keep giving out the Guard flag in the same way, and it remains the
 case that well more than half of the capacity in the network has the Guard
 flag (~65% on https://metrics.torproject.org/network.html#bwhist-flags),
 and the median byte of guard capacity has had the Guard flag for at most
 4.75 out of the last 9.5 months (I just made that number up, but I bet
 there exist times when it's plausible), then we basically just threw away
 >1/3 of our total network capacity by having clients never use it when
 they could have. Our bwauths might try to compensate by blowing up the
 weights of those new nodes, but from a security perspective that's exactly
 what we don't want (especially if they're Exits too, and the same weight
 inflates their chance of being used as an exit too).

 Our current client weighting in path selection assumes a steady-state
 where everybody with the Guard flag has had it long enough to attract its
 fair share of users. This isn't true now, but we've been doing ok
 pretending it is. I fear we won't be able to pretend once you need to have
 run your Guard for nine months before you hit steady-state.

 I like the idea of putting in a parameter now, so we can teach clients to
 obey the parameter now, and change it later. But I think clients need to
 know how close to steady-state a guard is, so they can balance
 appropriately. Is that a new weight on the w line? Or something else?

 I'm cc'ing Mike here, since he started the whole balance-by-position-in-
 path strategy; and Ian and Tariq, since they worked on the COGS paper; and
 Ralf, since he touched on this issue in his upcoming Oakland paper.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8240#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list