[tor-dev] Orbot+Orchid redesign

Bruce Leidl bruce at subgraph.com
Mon Dec 2 16:09:54 UTC 2013


>> Any objections to this approach? Is Orchid ready for this?
> 
> It seems like a good architecture to target.  I'm not sure that the
> current Orchid codebase has gotten as much review yet as it would need
> before I'd be comfortable making it the default option, but an
> experimental build could be a fine idea.
> 
> (My two cents' worth; two cents not refundable)

Hi, Orchid (previously called JTor) author here,

I agree with Nick to be cautious about rushing out and replacing Tor
with Orchid for really important projects.  I believe that it works well
and that it is implemented correctly and securely, but you may want to
collect more opinions than just mine about that.  Although Orchid is
advertised as working on Android, the amount of testing on Android has
been very light so far.

So please start using Orchid experimentally to discover bugs and other
inadequacies, but for projects that can get away with using C Tor that's
probably a better plan for now.

To help you decide if Orchid is appropriate for use here's a list of
important things which have not (yet) been implemented:

  * Path bias defense
  * Adaptive circuit build times (also, path bias depends on this?)
  * Stream isolation
  * Optimistic data
  * Control protocol
  * Publication of hidden services

(I don't understand the description of Adaptive CBT in the spec at all,
so I would either need to blindly copy the implemenation from Tor (i.e
circuitstats.c) or need help from the original author.)

--brl




More information about the tor-dev mailing list