[tor-bugs] #9001 [Tor]: Slow Guard Discovery of Hidden Services and Clients
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 17 00:28:00 UTC 2013
#9001: Slow Guard Discovery of Hidden Services and Clients
---------------------------------------------+------------------------------
Reporter: mikeperry | Owner:
Type: defect | Status: new
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-hs path-bias needs-proposal | Parent:
Points: | Actualpoints:
---------------------------------------------+------------------------------
Comment(by rransom):
The only solution is to add a second layer of guards (‘identity guards’?),
dependent on the client's ‘identity’ (as determined by the same things
that control stream isolation).
This fix has some prerequisites:
* Tor relays must use a UDP-based link protocol exclusively, for multiple
security reasons. (Some entry nodes might allow their clients to connect
using other link protocols.)
* Clients must be able to choose a set of identity guards
deterministically from a ''non-uniform'' (e.g. load-balanced) distribution
according to a seed (#2653 gives one approach).
* Each client application must be associated with one or more persistent
identities. Otherwise, using identity guards only adds a moderate delay
in finding a client's entry guards.
* In order to avoid linking a client's identities, Tor clients must not
allow any information about the Tor network or destination servers
obtained through one identity to affect any behaviour of its other
identities. (This requires that adaptive CBT and the path-bias detector
be removed, and that many client-side caches be isolated to a single
identity.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9001#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list