Suspicious Circuits

Roger Dingledine arma at mit.edu
Wed Dec 19 15:32:37 UTC 2007


On Wed, Dec 19, 2007 at 03:35:02PM +0100, Karsten Loesing wrote:
> Subsequently, at 16:07:12 you restarted Tor and made it establish new
> introduction points at "otherator2", "crelm", "bytebutlerfive" and
> publish a new descriptor containing these introduction points at
> 16:07:53. Again, the delay of 41 seconds is intentional. But---and this
> is the problem---when accessing your service at 16:07:25, Tor downloaded
> the first descriptor without being able to know that it's obsolete. So,
> Tor tried to connect to "Slowpoke" and the other introduction points
> which were not acting as introduction points for your service any more.
> That's why you get those NAKs which lead to re-extending the failed
> introduction circuits which is also normal behavior.
> 
> Hence, there is not a problem in the Tor code.

Hi Karsten,

A) This explains why it is trying the old introduction points, and it
explains why it's building a long circuit trying each one in turn. But
why is it trying the same introduction point more than once?

B) Do you think it's possible to reduce the "30 second delay" to make
this sort of behavior happen less often? It would be nice to have hidden
services launch more 'immediately'. But on more thought, I think 30
seconds may already be a bare minimum, if we consider users on crappy
connections setting up hidden services. Hm.

Thanks,
--Roger



More information about the tor-talk mailing list