[tor-dev] Proposal 236 and the guardiness of a guard

Nikita Borisov nikita at illinois.edu
Fri Aug 1 20:16:58 UTC 2014

On Fri, Aug 1, 2014 at 7:48 AM, Zack Weinberg <zackw at panix.com> wrote:
> If a node is an exit, maybe it shouldn't *ever* be used as a guard?
> This is just off the top of my head, but it seems like there might be
> some abuse possibilities in a node that sees both entering and exiting
> traffic, even if they're never for the same circuit (which I believe
> is the current behavior).

I think if someone is interested in observing some fraction of
entering and exiting traffic, they could probably just run two nodes.
The one advantage I can see is that a Sybil attack aiming to catch
both ends of a circuit would be about half as effective, as you would
have to split your resources between guards and exits, rather than
"playing both sides."

On the downside, you might create congestion by reducing the number of
guards (or exits) as existing guard+exit nodes get pushed into one of
the two categories; my feeling is that this would be a significant
performance hit.

- Nikita
Nikita Borisov - http://hatswitch.org/~nikita/
Associate Professor, Electrical and Computer Engineering
Tel: +1 (217) 244-5385, Office: 460 CSL

More information about the tor-dev mailing list