an idea about how to improve routing for interactive services

Roger Dingledine arma at mit.edu
Thu Feb 2 08:43:23 UTC 2006


On Mon, Jan 23, 2006 at 02:47:44PM +1000, glymr wrote:
> >Actually, we already do something like this. Nodes report their uptime,
> >and we assume that a long uptime implies that it will stay up.
>
> yes, that's not a good assumption to make however. average uptime is a 
> more useful metric, when a system has been up for a long time it may be 
> just about to go down. also, for irc users, a connection which can stay 
> up for 8 hours or more is regarded as quite adequate by most.

You're right. We've put this on the roadmap for the 0.1.2 release.

The other piece is that we want to track average amount of time per day
that the server is live, so we know whether it's a suitable choice as
a guard entry node.

> but unfortunately there is nothing yet in the protocol to stop my node 
> being a part of a bursty, short-lived high-bandwidth circuit. being able 
> to control this would be very useful. and that's what i'm talking about, 
> having two classes of traffic in tor, so that nodes that have good 
> uptime but low bandwidth can contribute to improving the interactive 
> connection experience with tor.

Ah. We are not likely to implement this. It seems hard to predict, before
a connection happens, what traffic pattern it will have. Judging by port
may be an ok approximation for now, but it will encourage the trend toward
moving the whole Internet over port 80. Most importantly, middle nodes
don't know the port/address/etc for the streams they're transporting,
and we don't want to get into that fine-grained level of censorship.

> One other point that might be worth mentioning is that these long lived 
> connections would probably benefit, due to their long life and low ping, 
> from having 4 or 5 hops instead of 3 to help reduce the traffic analysis 
> problem, since it would be very easy to have a lot more people running 
> these low capacity high uptime nodes, the extra traffic is insignificant.

Yes, but the increased chance of having a broken connection is bad. It
seems that extending the path length will really hurt your reliability.

As for getting more security from more hops, see
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#LongerPath

But you're right that long-lived circuits may be more vulnerable. As
far as I know, nobody has done any research on the implications of this
in practice.

> Oh, and because these connections are very low bandwidth, it could be 
> incorporated into the client to automatically relay traffic from known 
> low bandwidth ports, if the client finds itself with a high uptime average.
> 
> Think about how important persistence is with interactive connections. 
> SSH is a classic example... what happens if you are in the middle of 
> some irritaingly long process and suddenly your connection pings out? I 
> think that there should be a priority made in the tor architecture to 
> promote this kind of use of tor because it's probably the most delicate, 
> security wise. Consider the benefits for activists being able to use 
> instant messaging without being monitored, for organising and such.

We would love to make progress on everything at once. Please help out
(development or funding) and we will focus on this too.

--Roger



More information about the tor-talk mailing list