[tor-bugs] #17773 [Tor]: Should clients avoid using guards that lost the Guard flag?

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 17 20:56:23 UTC 2016


#17773: Should clients avoid using guards that lost the Guard flag?
-------------------------+------------------------------------
 Reporter:  arma         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by s7r):

 I think we can live with this, given that the goal of 1 entry guard for
 a longer time is to make a client not choose so many times. Fast back of the
 envelope calculations tell us that you have less chance of getting a bad
 guard if you stick to one that lost its guard flag, as opposed to having
 to choose again from the relays with active Guard flags.

 It is true that this, if done intentionally, will make a relay have a very
 small number of dedicated users for the next months, but maybe
 it's worth the tradeoff - I don't see how you can make this attack a
 targeted one (not without combining it with other attacks like path bias;
 guard turnover for which we have proposals). It's a paradox here: if I am
 not targeting someone in particular (since I can't with this method), it
 means maybe I am pure bad and just want to mass deanonymize Tor users, in
 which case a very small number of dedicated users isn't attractive. Also,
 I don't see how you can defend against this properly: an operator can just
 keep the guard flag, selectively allow a very small number of dedicated
 users' IP addresses at the firewall level and drop the rest (will this lose him
 the guard flag if he allows traffic only from some users and directory
 authorities and every IP in the consensus plus every IP address in the exit
 list?).

 Another reason to allow this would be that in the future, hopefully we
 will grow so significantly in number of relays that we will have to rotate
 the Guard flags from time to time between n% of the relays in the
 network that fulfill the requirements (maybe a weighted hash ring based on
 shared randomness).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17773#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online