[tor-dev] Proposal 287: Reduce circuit lifetime without overloading the network.

[teor]

Hi Fernando,

Seems like an important proposal, if there is a good argument that a
particular amount of data is "safe". I think your research may help
with this.

If everybody chooses different amounts of data, that makes them easier to
identify.

> On 1 Dec 2017, at 08:47, Fernando Fernández Mancera <ffernandezmancera at gmail.com> wrote:
> 
> About TorBrowser or any other Tor application that is able to manage circuits
> by its own because of KeepAliveIsolateSOCKSAuth option being active by default
> shouldn't be affected by this new feature. As the same form that it currently
> ignores MaxCircuitDirtiness parameter.

We talked about Tor Browser's default behaviour yesterday on #tor-dev.

KeepAliveIsolateSOCKSAuth doesn't ignore MaxCircuitDirtiness: instead, it
resets the timer each time a stream is attached to a circuit. This means
that circuits stop accepting new streams MaxCircuitDirtiness seconds after
they are *last* used for a new stream. (The default is *first used* for
a new stream.)

Onion services also have similar behaviour, but we should check the
details.

The proposal doesn't specify how KeepAliveIsolateSOCKSAuth and onion
services work with MaxCircuitSizeDirtiness and
MaxCircuitSizeDirtinessByPort. We need to specify what happens, so the
Tor Browser team knows if it needs to change its torrc. And it would
help us decide what to set as the default for onion services.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20171201/877e1b6e/attachment.sig>