[tor-dev] Open topics of prop247: Defending Against Guard Discovery Attacks using Vanguards

[Roger Dingledine]

On Wed, May 17, 2017 at 02:51:48PM +0300, George Kadianakis wrote:
> ==================== Design topics ====================
> 
> * Optimize proposal parameters
> ** Optimize guardset sizes
> ** Optimize guardset lifetimes and prob distributions (minXX/maxXX/uniform?)
> ** To take informed decision, we might need a prop247 simulator, or an actual PoC with txtorcon

Thanks George.

I've just looked through prop#247 and the past tor-dev threads.

Another item to add to the design discussion list, unless it got
resolved while I wasn't looking:

* Do we do the vanguard design for *client* connections to onion
services too?

* And slipping further down that slope, how does this vanguard design
compare to Mike's virtual circuit hopes for all user circuits:
https://bugs.torproject.org/15458

We're going to have to think about scope for the meeting, so we cover
all the breadth of things we ought to cover, without also letting it
balloon into a "I think Tor should do X \forall X" week.

In particular, I think it might be smart to sort through (make a list
of) all the various attacks and concerns we want to consider, so we can
optimize against them all without forgetting some.

For example, based on what I've read so far, I'm planning to propose that
we have one 3rd level vanguard for each 2nd level vanguard, since that way
we have the option to rotate it most quickly (if we decide we want that),
and the load balancing works out better than the other options I've heard
(e.g. compared to choosing a slow 2nd level vanguard and then four 3rd
level vanguards which don't help us much because the bottleneck is at
the 2nd level).

Oh, and finally, for those who don't know about phrases like "the downhill
path algorithm", which was where many of these "multi hop guard" designs
started, be sure to look through
https://www.freehaven.net/anonbib/#ccs2011-trust

Whew,
--Roger