[tor-bugs] #20832 [Core Tor/Tor]: Design proposals to further improve guard security

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 29 22:42:49 UTC 2016


#20832: Design proposals to further improve guard security
--------------------------+------------------------------------
 Reporter:  nickm         |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-guard     |  Actual Points:
Parent ID:  #20822        |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by nickm):

 Here are the ideas I have in my notes; they'll need some expansion to
 become proposals. And possibly to make any sense to anyone.

 .....

 The main problem this algorithm faces right now is the initial
 bootstrapping if the ISP is eeeevil.  We're not doing worse than
 previously (I think), but we could do better.  Some  Ideas to improve
 this:

    * Mark the initial identity guards as "semi-confirmed" somehow so they
 can retain priority for a while in case the user breaks out.

    * Maintain a "suspicion index" for each guard: maybe, the number of
 guard that were down before it when it was confirmed?

    * Maybe, don't confirm guards when the primary guards are down if we're
 about to retry??? [didn't think about that one so much.]

    * Maybe when a circuit launches earlier than another , if both guards
 become confirmed, the one that was ''launched'' first should be confirmed
 with earlier confirmed_idx?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20832#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list