[tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.

Fernando Fernández Mancera ffernandezmancera at gmail.com
Tue Dec 12 23:55:43 UTC 2017

On 12/12/2017 11:34 PM, teor wrote:
> Is there any reason you picked these values?

I have chosen those values because if the user sets a value, I think it 
is better for this value to be around lower one from the already 
established. Even so, higher values are included to make it more 
difficult for the attacker to identify.

I've been thinking, it might be better if this value changes every time 
a circuit is marked dirty.

> Is there any research supporting this?
> Is it compelling enough to offset the usability issues?
> (See below.)

I am working on it, so I will try to get it soon as possible.

> This we believe to be true, and we think we've seen attacks using it.
> But changing circuits doesn't help those attacks.

Oh well, I missunderstood you in the last reply I think. I thought if 
the circuit changes more often then is more probably that it uses a 
different guard.

> Also, are you proposing that services mark circuits dirty?
> Because Tor doesn't work like that right now.
> Only clients mark circuits dirty.

No no, I mean clients. I will try to think deeply how it can works with 
Onion services.

>> How it works with KeepAliveIsolateSOCKSAuth:
>>  - If KeepAliveIsolateSOCKSAuth option is active, then if on
>>    (MaxCircuitDirtiness * 0.5) minutes the amount of bytes sent/received
>>    through the circuit doesn't surpass half of the established amount,
>>    this amount will be reset.
> This will break usability on many websites that depend on requests
> coming from the same IP address. This is why Tor Browser manages its
> own circuit lifetimes, and this change would break that.

Well, as above I will try to find a good use for this option combined 
with MaxCircuitSizeDirtiness. So probably I will write back in 
mid-January but if you find one, please let me know.


More information about the tor-dev mailing list