[tor-bugs] #4862 [Tor]: Tor Hidden Service Intro Point replacing numerology

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 31 03:37:33 UTC 2013


#4862: Tor Hidden Service Intro Point replacing numerology
-----------------------------------+----------------------------------------
 Reporter:  hellais                |          Owner:                  
     Type:  enhancement            |         Status:  new             
 Priority:  normal                 |      Milestone:  Tor: unspecified
Component:  Tor                    |        Version:                  
 Keywords:  needs-proposal tor-hs  |         Parent:                  
   Points:                         |   Actualpoints:                  
-----------------------------------+----------------------------------------

Comment(by rransom):

 Replying to [comment:12 asn]:
 > Replying to [comment:5 rransom]:
 > > Replying to [comment:4 arma]:

 > > > rransom, did you have an opinion on hellais's numbers?

 According to [http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf a
 recent paper], hidden services' descriptors are only requested tens of
 thousands of times per day.  Arturo's claim that a popular hidden service
 could be connected to 1000000 times per day is either (a) bullshit, or (b)
 based on the number of HTTP requests or the number of streams carrying
 HTTP requests, not the number of introduction attempts.

 The limit on the number of introductions to be handled by an introduction
 circuit during its lifetime is only partly a measure of service
 popularity; it is also the limit on the amount of memory consumed by each
 introduction circuit's replay-detection cache.  Based on the numbers in
 the recent paper, 16ki introductions per circuit was far too high.
 (Unfortunately, no one who operated a popular hidden service provided
 useful measurements to me while I was designing the introduction-point
 expiration code.)  It would be reasonable to reduce
 `INTRO_POINT_LIFETIME_INTRODUCTIONS` to a few thousand.

 > > '''Do not''' exceed 10 introduction points in any hidden service
 descriptor.
 >
 > Robert, why is '''10''' your hard limit on the number of Introduction
 Points? Do you think that more than 10 Introduction Points per HS would
 put too much load on the network?

 There are several reasons that anyone who understands Tor well enough to
 be trusted to maintain or update or redesign or even gripe about the
 hidden service protocol would refuse to consider putting more than 10
 introduction points in any hidden service descriptor.  Here are some of
 them:

  * Each hidden service publishes its descriptor to at most 6 directory
 servers.  This constant 6 is part of the Tor protocol and enforced at all
 hidden services, all HS clients, and all HS directory servers, and cannot
 be changed within version 2 of the HS directory protocol.  Any hidden
 service whose clients would overload 10 introduction points with `CREATE`
 cells would overload its directory servers with `CREATE` cells first.
  * There is an upper limit on the length of a v2 HS descriptor, enforced
 at all HS directory servers.  10 introduction points is clearly more than
 any hidden service will ever need to put in a single descriptor, and keeps
 HS descriptor sizes well below that upper bound, even if a future version
 of Tor includes more information about each introduction point in every HS
 descriptor.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4862#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
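The memory argument in rransom's comment (the per-circuit introduction limit also bounds the replay-detection cache) is easy to see in a small model. The following is an added example written for this page, not Tor's own code: it keeps one replay cache per introduction circuit, retires the circuit once it has accepted `INTRO_POINT_LIFETIME_INTRODUCTIONS` introductions, and reports the worst-case cache size for the 16ki value versus an assumed "few thousand" value. The 20-byte entry size, the 4096 figure, the cell bodies and the immediate-retirement behaviour are all assumptions of the model.

```python
import hashlib

# Constants from the discussion above. The digest length and the "proposed"
# value are assumptions of this model, not statements about Tor's code.
INTRO_POINT_LIFETIME_INTRODUCTIONS = 16384   # 16ki, the value called too high
PROPOSED_LIFETIME_INTRODUCTIONS = 4096       # "a few thousand", assumed example value
DIGEST_LEN = 20                               # assumed bytes stored per replay-cache entry


class IntroCircuit:
    """One introduction circuit with its own replay-detection cache."""

    def __init__(self, max_introductions=INTRO_POINT_LIFETIME_INTRODUCTIONS):
        self.max_introductions = max_introductions
        self.seen_digests = set()   # replay cache: one entry per accepted introduction
        self.accepted = 0
        self.expired = False

    def handle_introduce(self, cell: bytes) -> str:
        """Process one introduction cell body.

        Returns 'accepted', 'replay' (same body already seen on this circuit)
        or 'expired' (circuit has reached its lifetime limit and is closed).
        """
        if self.expired:
            return "expired"
        digest = hashlib.sha1(cell).digest()
        if digest in self.seen_digests:
            return "replay"
        self.seen_digests.add(digest)
        self.accepted += 1
        if self.accepted >= self.max_introductions:
            # Simplification: retire the circuit at once; a service would
            # then establish a fresh introduction point elsewhere.
            self.expired = True
        return "accepted"

    def cache_bytes(self) -> int:
        """Current replay-cache footprint under the assumed entry size."""
        return len(self.seen_digests) * DIGEST_LEN


def worst_case_cache_bytes(max_introductions: int) -> int:
    """Upper bound on one circuit's replay-cache memory for a given limit."""
    return max_introductions * DIGEST_LEN


def run_circuit(cells, max_introductions):
    """Feed cells through one circuit; return outcome counts and final cache size."""
    circ = IntroCircuit(max_introductions)
    counts = {"accepted": 0, "replay": 0, "expired": 0}
    for cell in cells:
        counts[circ.handle_introduce(cell)] += 1
    return counts, circ.cache_bytes()


if __name__ == "__main__":
    # Constructed traffic: five distinct introductions, one of them replayed.
    cells = [b"intro-1", b"intro-2", b"intro-1", b"intro-3", b"intro-4", b"intro-5"]
    print(run_circuit(cells, max_introductions=3))
    for limit in (INTRO_POINT_LIFETIME_INTRODUCTIONS, PROPOSED_LIFETIME_INTRODUCTIONS):
        print(limit, "introductions ->", worst_case_cache_bytes(limit), "bytes per circuit")
```

With a limit of 3, the constructed stream yields three accepted introductions, one detected replay and two cells dropped after the circuit retired; the cache never holds more than the limit's worth of entries, which is exactly why lowering the limit caps memory per circuit.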

