[tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Dec 1 10:15:35 UTC 2017 

#15251: Make tor support starting with 10.000 Tor Hidden Service
------------------------------------------+--------------------------------
 Reporter:  naif                          |          Owner:  (none)
     Type:  task                          |         Status:  new
 Priority:  Low                           |      Milestone:  Tor:
                                          |  unspecified
Component:  Core Tor/Tor                  |        Version:  Tor:
                                          |  unspecified
 Severity:  Normal                        |     Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:                                |         Points:  10
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------------

Comment (by teor):

 Replying to [comment:16 naif]:
 > @teor do you think that Tor2webMode 1 (that require compile-time flags)
 will make connections going to HSDir to become 1-hop only?
 > Ref: https://trac.torproject.org/projects/tor/ticket/2553
 >
 > That way the single-onion will also make outgoing "single-hop"
 connections for the connections to HSDirs ?

 Don't do this. Connecting to HSDirs over a 1-hop path allows HSDirs to
 selectively deny service to clients and onion services based on their IP
 address. This is why single onion services connect over a 3-hop path.

 If you have this many onion services on a tor instance, it will need to be
 connected to most relays anyway. If you use a single onion service, it
 won't use fixed guards, so it will spread the HSDir circuit load over the
 entire network.

 Using single-hop paths for HSDirs is a bug in Tor2web that we plan to fix
 in #20104.
 Also, we plan on removing Tor2web in a few years time when we remove v2
 onion services. Tor2web isn't well tested or supported.

 Also, have you considered using subdomains on a few onion services, rather
 than trying to set up 10,000?
 Or do you need the authentication to each individual entity?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15251#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list