Proposal 144: enforce distinct providers

M Fr mfr at misericordia.be
Thu Jul 3 12:10:33 UTC 2008


Hello,

On Wed, Jul 2, 2008 at 11:10 AM, Cat Okita <cat at reptiles.org> wrote:
>
> I don't believe that this will have the intended effect.  If anything, I'd
> expect to see this increase latency,
I don't expect that because there is already the /16 subnet exclusion.
Perhaps we can go faster in some cases.
> and push more traffic towards exchange
> points, where (depending on the structure of the exchange), an attacker
> could easily monitor many providers at once, 'cheaply'.
The main objective of the proposal is not to prevent exchange point monitoring.
First, because this excellent paper
http://freehaven.net/anonbib/#feamster:wpes2004 has already
demonstrated that it's not necessary because of the BGP logic of
traffic repartition between peering and providers.
The objective is to prevent people observing a circuit with all
routers in the same provider area.

>
> Further, without correlation of leaf nodes that are partially or completely
> subsumed in a given AS, changing AS numbers isn't really indicative of any
> useful characteristic.  For that matter, without correlating all of the AS
> numbers owned by a given entity (an interesting challenge, to be polite),
> there's no guarantee at all that a changing AS reflects anything at all.
>
Please check the referenced list
http://as4jtw5gc6efb267.onion/IPListbyAS.txt to see if you find many
redundant providers. I've not found many cases, in fact two (Road
Runner and one Chinese operator).
For more than 90% of nodes it's efficient.
Perhaps, as I've said, the proposal could be improved by making AS families,
but because I have no idea about circuit building in China, I've not added any
restrictive proposal.
And also I don't want to increase network latency.
This proposal is supposed to be iso-latency.

> Beyond that, if you're still talking about classful address space in this
> day and age, I'd suggest that some consideration of modern networking might
> well be in order...
>
Sorry, English is not my mother language; sometimes I use the
simplest language for me.

How can you improve this proposal?

> cheers!
>
Regards

> On Tue, 1 Jul 2008, Nick Mathewson wrote:
>>
>> Filename: 144-enforce-distinct-providers.txt
>> Title: Increase the diversity of circuits by detecting nodes belonging the
>> same provider
>> Author: Mfr
>> Created: 2008-06-15
>> Status: Draft
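
The two points argued in this thread (a distinct-AS rule on top of the existing /16 exclusion, and the "AS family" refinement for operators holding several AS numbers) can be compared on a small relay table. This is an added example, not code from the proposal or from Tor; the relay names, addresses, AS numbers and the AS_FAMILY map are all constructed assumptions.

```python
import ipaddress
from itertools import combinations, permutations

# Constructed relay table: nickname -> (IPv4 address, origin AS number).
# Addresses are private-range; AS numbers come from the documentation range.
RELAYS = {
    "relayA": ("10.1.4.20", 64496),
    "relayB": ("10.1.9.7", 64496),   # same /16 and same AS as relayA
    "relayC": ("10.2.0.5", 64496),   # different /16, same AS as relayA
    "relayD": ("10.3.8.1", 64497),
    "relayE": ("10.4.2.2", 64498),
    "relayF": ("10.5.6.6", 64499),   # other AS, same operator as relayE
}

# Hypothetical "AS family" map: AS numbers assumed to belong to one operator.
AS_FAMILY = {64498: "operator-X", 64499: "operator-X"}


def slash16(ip):
    """Return the /16 network containing an IPv4 address."""
    return ipaddress.ip_network(f"{ip}/16", strict=False)


def provider(asn):
    """Map an AS number to its family, or to itself if it has none."""
    return AS_FAMILY.get(asn, asn)


def conflicts(a, b):
    """Return the set of diversity rules that relays a and b break together."""
    (ip_a, as_a), (ip_b, as_b) = RELAYS[a], RELAYS[b]
    broken = set()
    if slash16(ip_a) == slash16(ip_b):
        broken.add("same-/16")
    if as_a == as_b:
        broken.add("same-AS")
    if provider(as_a) == provider(as_b):
        broken.add("same-AS-family")
    return broken


def count_paths(enforced, hops=3):
    """Count ordered paths in which no relay pair breaks an enforced rule."""
    return sum(
        not any(conflicts(a, b) & enforced for a, b in combinations(path, 2))
        for path in permutations(RELAYS, hops)
    )
```

On this table, 96 ordered three-hop paths pass the /16 rule alone, 60 remain once same-AS is also enforced, and 36 once the AS family map is applied.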


