[tor-dev] Draft of proposal "Direct Onion Services: Fast-but-not-hidden services"
str4d at i2pmail.org
Sat Apr 11 00:03:41 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
George Kadianakis wrote:
> David Goulet <dgoulet at ev0ke.net> writes:
>> On 09 Apr (21:58:49), George Kadianakis wrote:
>>> I inline a proposal for Direct Onion Services. It's heavily
>>> based on the "encrypted services" proposal of Roger, but I
>>> refined it, made it more proposaley and enabled a few more
>>> optimizations. You can find the original piece here:
Feedback would be greatly appreciated.
>> First thanks for that! Really useful stuff.
>>> Here are some specific points that I would like help with:
>>> - Should we require a specially compiled version of Tor to
>>> enable this feature? Like we do for tor2web mode? In this
>>> proposal, I didn't require any special compilation flags. I
>>> don't have strong opinions here.
>> IMO, I'm not sure this is useful. This feature requires prior
>> knowledge of the HS operator to know what's a "Direct Onion
>> Service" and decide that she wants that for her service. Thus, a
>> torrc option seems enough. I don't see any reasons for this
>> option that will limit deployment.
> Yes, I also feel the same.
> My main fear is sample torrc's that are being posted around the
> net and people just copy-paste them into their box: someone might
> not notice the DirectOnionServiceEnable option.
Perhaps this could be mitigated by alerting the user the first time
Tor is started with this option enabled. This is obviously harder to
do if Tor is started as a service, but it should be possible for
manually-started Tor or TBB.
>>> 3.2. One-hop circuits [ONEHOP]
>>> When in this mode, the onion service establishes 1-hop circuits
>>> to introduction and rendezvous points. The onion service SHOULD
>>> also ignore cannibalizable 3-hop circuits when creating such
>>> This looks like this for the rendezvous point case:
>>> |direct onion service| -> RP <- client middle <- client guard
>>> <- |client|
>>> This change allows greater speeds when establishing a hidden
>>> service circuit and reduces round-trip times. As a side-effect,
>>> busy onion services with this feature cause less damage to the
>>> rest of the network, since their traffic gets passed around
>> Would it be possible to drop the rendezvous part where the client
>> could simply connect to the IP and then the circuit back to the
>> HS would be used? (Though that would require that the client
>> knows the HS it's trying to reach is a Direct Onion Service,
>> could be mention in the descriptor?...)
> I think that's indeed possible, but would require multiplexing
> multiple client connections on a single IP circuit, which Tor
> cannot do at the moment AFAIK. It is my understanding that it's not
> an easy change, but I'm pretty sure that I2P and other projects are
> doing it, so we could in theory take a look at how those guys do
I2P does have the ability to run "zero-hop" tunnels, yes - the router
simply provides its own details for the tunnel entry point. But this
probably isn't directly helpful for Tor because I2P is a
packet-switched network, and it doesn't use separate rendezvous points
for individual connections between Destinations.
For high-traffic services that don't require anonymity, we generally
recommend using one-hop tunnels instead of zero-hop. This is primarily
to avoid connection limits being exceeded on the hosting router. The
speed hit of having an additional hop in the path is generally
outweighed by the benefit of only having e.g. 8 incoming connections
for a particular service, instead of several thousand. It therefore
also helps to mitigate DDoS attacks (although the biggest of services
e.g. Facebook would likely have their own systems that would better
> _______________________________________________ tor-dev mailing
> list tor-dev at lists.torproject.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-dev