TLS, threads, and workers

Roger Dingledine arma at mit.edu
Sat Sep 6 01:26:08 UTC 2003


On Fri, Sep 05, 2003 at 06:22:28PM +0100, Ben Laurie wrote:
> Ah. You can plug crypto into OpenSSL with the engines, so if you really
> want to palm RSA off to another process, then it's not hard (modulo your
> definition of hard). I do have to question why you'd want to do that,
> though. Sounds like a case of premature optimisation to me.
[snip] 
> The argument for threads appears to boil down to "when I need to talk to
> a peer for the first time, I might glitch for a few milliseconds" - err
> - so?

Ok. I think we have a clear plan for the short and mid term. We've
updated tor-spec to say TLS. We're going to do TLS in the main process
for now. If it turns out that the 20ms hiccup is too much (this won't
become apparent for quite a while), then we'll look into options (threads,
or separating the heavy lifting from TLS into worker processes) and see
which is least painful. And it could be that once we've tried threads,
we find they work great on some platforms, whereas other platforms will
just have to tolerate the hiccups.

The reason I worry about the hiccups is that if we get many TLS
connections in a given second, all of the circuits going through that
router will slow down (because we're not processing cells). These
connections aren't just from other onion routers (which will be
infrequent, yes), but are also from users connecting to the
network. Several hundred active users per router, each connecting to a new
router once per minute (see [1]), is a nontrivial chunk of each second;
and if they get unlucky and gang up on a router, that's his whole second.

But I don't think this has to be a huge issue, and certainly not yet.
With luck, some more analysis will lead us to believe that we get
improved anonymity from sticking with the same first node, so the "every
minute" figure can go up a lot. And we still have the option of doing
challenge/response PoW before the TLS handshake, to spread out DoS.

And come on, if we have several hundred active users per router,
sustained, then we'll have some volunteers to help with the TLS
issue. :) Part of this mess is that we're in the odd position of having
a half-mature design that's never had more than a few users.

--Roger

[1] http://archives.seul.org/or/dev/Mar-2003/msg00003.html
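
Added example, not part of the original message or of Tor's code: a small simulation of the load argument in the message, where each TLS handshake blocks a single-threaded router for 20 ms and each user opens a new connection once per minute. The Poisson arrival model, the user counts tried, and the function names are assumptions of this example.

```python
import random

HANDSHAKE_S = 0.020   # per-handshake stall, the "20ms hiccup" from the message
RECONNECT_S = 60.0    # each user opens a new TLS connection once per minute

def simulate(users, duration_s, seed=1):
    """Single-threaded router: each handshake blocks cell processing for HANDSHAKE_S.

    Arrivals are modelled as a Poisson process (an assumption of this example).
    Returns (fraction of time stalled, longest continuous stall in seconds).
    """
    rng = random.Random(seed)
    rate = users / RECONNECT_S          # handshakes per second, all users combined
    t = 0.0                             # arrival clock
    free_at = 0.0                       # when the main loop can next process cells
    stall_start = 0.0                   # start of the current back-to-back run
    busy = 0.0
    longest = 0.0
    while True:
        t += rng.expovariate(rate)
        if t >= duration_s:
            break
        if t >= free_at:                # loop was idle: a new stall begins
            stall_start = t
            free_at = t + HANDSHAKE_S
        else:                           # loop still busy: handshake queues behind it
            free_at += HANDSHAKE_S
        busy += HANDSHAKE_S
        longest = max(longest, free_at - stall_start)
    return busy / duration_s, longest

def gang_up(users):
    """Worst case from the message: every user connects in the same instant."""
    return users * HANDSHAKE_S          # seconds during which no cells are processed

if __name__ == "__main__":
    for users in (100, 300, 600):       # "several hundred" is not pinned down on the page
        frac, longest = simulate(users, duration_s=3600)
        print(f"{users} users: {frac:.1%} of time stalled, "
              f"longest stall {longest * 1000:.0f} ms, "
              f"gang-up stall {gang_up(users):.1f} s")
```

The average stalled fraction is just users × 20 ms / 60 s; what the simulation adds is the length of back-to-back stalls, which is what circuits passing through the router actually experience as delay.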