[tor-dev] Proposal 259: New Guard Selection Behaviour

s7r s7r at sky-ip.org
Sun Mar 27 11:03:37 UTC 2016 

Hi,

On 3/27/2016 1:00 PM, George Kadianakis wrote:
>>[snip]
>>
>> https://lists.torproject.org/pipermail/tor-dev/2015-November/009871.html
>>
> 
> Hmm, this seems like something worth considering. 
> 
> IIUC you are basically suggesting using a single guardlist instead of having
> two. And then also making sure that a representative amount of dystopic bridges
> are present in that guardlist. So if the set of guards in the latest consensus
> is 20% dystopic bridges (in bandwidth), we should choose 20% of our guardlist
> to be dystopic guards.
> 
> I can see how this simplifies the guard selection logic, with the cost of
> slightly complicating the guard sampling logic. It seems like a good trade in
> this case.
> 
> However, this whole suggestion assumes that a good percentage of the total
> guard bandwidth is actually dystopic (your mail assumes 28% which is a pretty
> good number). What's the actual bandwidth % of dystopic bridges in the current
> network? If it's 20% it's a good number for our purposes, but if it's like 1%
> then that's bad since we are only going to end up adding 1 or 2 dystopic
> bridges only making our heuristic much more flaky. Also, in the end the quality
> of our heuristic will depend on this % which is suboptimal.
> 
> FWIW in my definition of dystopic bridge above I've been assuming it's bridges
> with ORPort on 80 or 443.
> 
> We should look more into this. Reinaldo, Ola, any comments? Is this simulatable?
> 

Ok, sounds fair. But if the total percentage of dystopic guards (ORPort
on 80 or 443) is 1% if the total Guard bandwidth it's true that a
general combined list will have maybe 1 or 2 dystopic guards, making it
kind of suboptimal.

But I think it's equally suboptimal if we have 2 separate lists (utopic
and dystopic) and the dystopic guard list will contain only few dystopic
guards or same dystopic guards for all clients (if there's only 1% of
dystopic guard bandwidth). I guess this is an 'tor-environment' problem
outside the scope of prop#259, and in case we will have only 1% of
dystopic guards we will experience overloads and usability problems for
users behind FascistFirewalls regardless if we use a combined list or
two separate lists. But on the other hand if we use one combined list we
could simplify guard selection logic and maybe win some seconds for
first successful connection.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160327/562dcb13/attachment.sig>

More information about the tor-dev mailing list