Proposal: Separate streams across circuits by destination port or destination host
robert at roberthogan.net
Fri Sep 17 17:53:52 UTC 2010
On Tuesday 31 August 2010 01:42:51 Jacob Appelbaum wrote:
> On 08/25/2010 02:12 PM, Robert Hogan wrote:
> > So this is my take on the thread so far:
> > - We've zoned in on the fact that this proposal is really about
> > isolating applications on circuits rather than ports on circuits.
> I think so too.
> > - Isolating by destination address is likely to increase the number of
> > circuits the client builds by some scary quantity.
> I'm not sure that I'm entirely on board with that - I think for
> webbrowsing this is true but for ssh or other traffic, I'm not sure. I
> actually want five circuits when I start my Tor - one for IRC, one for
> ssh, one for ttdnsd, one for email stuff, another for jabber and so on.
> In most cases, I require a different circuit for each because I don't
> want to link _any_ of that data.
I wonder would adapting LongLivedPorts to enforce circuit isolation achieve
this requirement without the risk of inducing exponential circuit creation.
Since applications that use LongLivedPorts by definition require long-
running connections and create new connections relatively infrequently it
seems like a good fit.
Changing LongLivedPorts this way would address all the problem-cases I can remember
that gave rise to this proposal, most of which involved mixing chat/ssh/irc
with browsing and the like.
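
Added example, not part of the original message and not Tor's circuit-selection code: a simplified model that counts circuits and shows which applications remain linkable on a shared circuit under the policies discussed in this thread. The stream list, the hostnames and the three-port LONG_LIVED_PORTS set are constructed sample values, and the policy functions are hypothetical names.

```python
from collections import defaultdict

# Sample port set for this sketch (assumption; not read from any torrc).
LONG_LIVED_PORTS = {22, 5222, 6667}

# Constructed streams: (application, destination host, destination port).
STREAMS = (
    [("browser", f"site{i}.example", 443) for i in range(40)]
    + [("browser", f"cdn{i}.example", 80) for i in range(20)]
    + [("irc", "irc.example", 6667),
       ("ssh", "shell1.example", 22),
       ("ssh", "shell2.example", 22),
       ("jabber", "xmpp.example", 5222),
       ("mail", "imap.example", 993)]
)

def key_shared(stream):
    """No isolation: every stream may share one circuit."""
    return "shared"

def key_by_host(stream):
    """Isolate by destination host."""
    return ("host", stream[1])

def key_long_lived(stream):
    """Isolate only ports in LONG_LIVED_PORTS; everything else shares."""
    port = stream[2]
    return ("port", port) if port in LONG_LIVED_PORTS else "shared"

def assign(streams, key_fn):
    """Group streams into circuits according to an isolation key."""
    circuits = defaultdict(list)
    for stream in streams:
        circuits[key_fn(stream)].append(stream)
    return dict(circuits)

def linked_apps(circuits):
    """Application sets that share a circuit, i.e. are linkable at the exit."""
    groups = ({s[0] for s in members} for members in circuits.values())
    return [apps for apps in groups if len(apps) > 1]

if __name__ == "__main__":
    for name, fn in [("shared", key_shared), ("by host", key_by_host),
                     ("long-lived ports", key_long_lived)]:
        circuits = assign(STREAMS, fn)
        print(f"{name:17} circuits={len(circuits):3} linked={linked_apps(circuits)}")
```

In this model the mail stream on port 993 still shares a circuit with browsing, because 993 is not in the sample port set: the separation obtained depends entirely on which ports are listed.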