Opened 4 years ago

Closed 2 years ago

#17690 closed enhancement (fixed)

prop224: Control the number of HSDirs using a consensus parameter

Reported by: asn Owned by: dgoulet
Priority: Very High Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: prop224, tor-hs
Cc: Actual Points:
Parent ID: #20961 Points: 0.2
Reviewer: Sponsor: SponsorR-can

Description

People are worrying that HSDirs can launch traffic confirmation attacks against hidden service clients. This will be harder to do after the shared randomness proposal gets deployed but still not impossible (without some sort of PIR scheme).

Till we get there, Roger suggested we make the number of HSDirs configurable, and control it using a consensus parameter (similar to how we use NumEntryGuards).

This will also be useful after prop#246 gets implemented and we merge HSDirs with IPs.

On the technical side, we might need two consensus parameters. One for the number of replicas, and one for the number of descriptors per replica.

Child Tickets

Change History (11)

comment:1 Changed 4 years ago by nickm

Milestone: Tor: 0.2.9.x-final

comment:2 Changed 3 years ago by nickm

Points: small/medium

comment:3 Changed 3 years ago by isabela

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

tickets market to be removed from milestone 029

comment:4 Changed 3 years ago by arma

A related but different idea: djb pointed out that we could use a few bits in the onion name itself to indicate how many replicas this onion service is using in the hsdir ring.

That way it could be set on a per-service basis, rather than a global basis, so popular services could scale themselves better.

(Problem 1: you need to predict your popularity at the beginning, when you choose your name. Problem 2: I am suspicious of any design where there is more than one "name" for the same service, since it introduces partitioning questions, caching concerns, etc.)

comment:5 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:6 Changed 3 years ago by dgoulet

Cc: dgoulet special arma removed
Keywords: prop224 added
Milestone: Tor: 0.3.???Tor: 0.3.1.x-final
Parent ID: #20961
Points: small/medium0.2
Sponsor: SponsorR-can
Type: defectenhancement

Assigning parent ticket that has the broader larger concept of having consensus param for different parameters of the protocol.

comment:7 Changed 2 years ago by dgoulet

Summary: Control the number of HSDirs using a consensus parameterprop224: Control the number of HSDirs using a consensus parameter

comment:8 Changed 2 years ago by dgoulet

Owner: set to dgoulet
Status: newassigned

comment:9 Changed 2 years ago by dgoulet

Priority: MediumVery High

Prioritize prop224 tickets for 031 milestone. They are all "Enhancement".

comment:10 Changed 2 years ago by dgoulet

Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final

prop224 tickets going in 032 for early merge. Decided after Amsterdam meeting.

comment:11 Changed 2 years ago by dgoulet

Resolution: fixed
Status: assignedclosed

This has been implemented by #20657.

The consensus param are:

hsdir_n_replicas = 2
hsdir_spread_store = 3

Which basically means 3 HSDir per replica that is 6 HSDir right now.

Note: See TracTickets for help on using tickets.