[tor-dev] A few wtf-pad/prop254 questions

Nick Mathewson nickm at torproject.org
Wed Nov 7 17:13:12 UTC 2018

Hi!  I'm looking over prop254 and I have a few questions or
clarification requests that I hope will make things clearer to me.
Some of these are probably "wrong questions" that stem from a
misunderstanding of the underlying proposal.

1) What does "ito" stand for?  Is it documented?

2) How is RTT measurement meant to work?  It seems to me from reading
section 3.1 that middle if a middle node sees a delay of N ms between
getting a cell in the forward direction, and getting a cell in the
backward direction, then it will conclude that the RTT is at least N

But that doesn't make sense to me -- the latter cell might have been
sent in response to a different cell, or sent asynchonously, and not
in response to the first cell at all.  AFAICT unless we can be
reasonably sure that we are seeing a packet that is sent in response
to an earlier cell, be sure that we're actually measuring min(rtt).

Maybe some pseudocode would help me understand better.

3) In section 3.1, I'm assuming that "cell sent" and "cell received"
refer to a cell that we are originating, and a cell that we are
receiving, recognizing, and processing: relayed cells don't count.  Is
that correct?

4) I like that section 3.1.1 specified delays in terms of
microseconds, but we should be aware that with current implementation
restrictions, microsecond-level precision is unlikely to actually be
realistic.  I hope that's okay.

5) In section 3.1.1, can we include a formula for the bounds of the n'th bin?

6) In section 3.1.1, why is a uniform distribution used, and not some
other distribution?

7) In section 3.1 (I'm not sure where) can we specify how bins are
initialized, and how they are refilled (if at all)?

8) For machine negotiation (in section 3.3), I'd suggest that we have
the client send a list of acceptable machines in preference order,
rather than demanding a particular machine.  I think a 16-bit
identifier is safer than an 8-bit one.  We should reserve an area of
the identifier space for experimental use.

9) Can we include an example definition of one of these state
machines, with pseudocode included?

10) Should clients (eventually) begin killing circuits if they receive
padding from an unexpected place?


More information about the tor-dev mailing list