Opened 19 months ago

Last modified 5 weeks ago

#26768 assigned defect

Support onionbalance in HSv3

Reported by: asn Owned by: asn
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs scaling onionbalance tor-spec network-team-roadmap-2020Q1
Cc: s7r, gk Actual Points:
Parent ID: #29998 Points: 8
Reviewer: Sponsor: Sponsor27-must

Description (last modified by asn)

We are implementing onionbalance in v3! This is the master ticket.

[Description changed to not confuse people with the old design.]

Child Tickets

TicketStatusOwnerSummaryComponent
#31369closedatagarHSv3 descriptor support in stem [decoding]Archived/Stem
#31648closedatagarCalculate responsible HSDirs for v3 descriptors in stemArchived/Stem
#31777closedatagarKey blinding in onionbalance v3Archived/Stem
#31823closedatagarHSv3 descriptor support in stem [encoding]Archived/Stem
#31857newConsider adopting vanguard's security suggestions for onionbalanceCore Tor
#32563assignedasnMerge HSv3 spec fixes we found during onionbalance creationCore Tor/Tor
#32709assignedasnhsv3: Support onionbalance keys when handling INTRO2 cellsCore Tor/Tor

Attachments (1)

xxx-onionbalance-v3.txt (7.6 KB) - added by nickm 10 months ago.

Download all attachments as: .zip

Change History (24)

comment:1 Changed 19 months ago by nickm

Description: modified (diff)

comment:2 Changed 16 months ago by s7r

Cc: s7r added

comment:3 Changed 14 months ago by asn

Just some notes from a recent discussion about onionbalance vs the current poor man's onionbalance where every node races each other for uploading descriptors:

With the poor man's solution, there are issues when you start removing/rebooting nodes, since if the offline node currently has the active descriptor there will be reachability issues until another node wins the race.

We could fix this by making all nodes upload more frequently, and be able to pause publishes from the rebooting node, and also by ensuring that all clients will re-fetch descriptors smoothly if they can't connect to the intro points.

comment:4 Changed 10 months ago by gk

Cc: gk added

comment:5 Changed 10 months ago by asn

Sponsor: Sponsor27-must

comment:6 Changed 10 months ago by asn

Points: 20

comment:7 Changed 10 months ago by pili

Parent ID: #29998

comment:8 Changed 10 months ago by nickm

A big choice to make here will be whether to fix #29583 or not. I think we should fix #29583, but to do so will create some compatibility issues that we'll need to navigate.

If we don't fix #29583, this ticket is easier. If we do fix it, we'll need additional machinery to make onionbalance possible on v3 descriptors. I'm attaching a draft proposal I wrote a while ago about how to make that work; we should turn it into a real proposal if we decide to fix #29583.

Changed 10 months ago by nickm

Attachment: xxx-onionbalance-v3.txt added

comment:9 Changed 9 months ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:10 Changed 6 months ago by gaba

Keywords: network-team-roadmap-september added; network-team-roadmap-2019-Q1Q2 removed

comment:11 Changed 6 months ago by dgoulet

Keywords: tor-spec added

I've taken nickm's draft and cleaned it up as an official draft: prop306.

https://lists.torproject.org/pipermail/tor-dev/2019-July/013942.html

For merge, see my torspec.git branch: ticket26768_01

At this point, we'll proceed with the easy approach for OnionBalance v3 that is not fixing #29583 just now but still having prop306 in the backlog.

comment:12 Changed 6 months ago by dgoulet

Owner: set to asn
Status: newassigned

comment:13 Changed 6 months ago by dgoulet

Points: 2015

Points changed at the Stockholm meeting.

comment:14 Changed 6 months ago by asn

Opened ticket about v3 descriptor support for stem: https://trac.torproject.org/projects/tor/ticket/31369#ticket

Still need to figure out how the blinded key generation is gonna work in Python since that's needed for HSPOST.

comment:15 in reply to:  14 Changed 6 months ago by teor

Replying to asn:

Opened ticket about v3 descriptor support for stem: https://trac.torproject.org/projects/tor/ticket/31369#ticket

Still need to figure out how the blinded key generation is gonna work in Python since that's needed for HSPOST.

We could start with the reference implementation from the tests?
https://gitweb.torproject.org/tor.git/tree/src/test/ed25519_exts_ref.py#n34

comment:16 Changed 5 months ago by asn

FWIW, I learned that Joe Landers started working on onionbalance v3 a few months ago and have some stem code and OB code that could be useful to us:
https://github.com/joelanders/stem/commit/e8455584cf50d7a398f994a7ea761baf3c7d6c00
https://github.com/joelanders/onionbalance/commit/1d30e6c5076ec2ee17e4b7a2a63ed72d0c32a670

comment:17 Changed 5 months ago by asn

Points: 158

Reducing the amount of points, since I also assigned points to child ticket #31369.

comment:18 Changed 5 months ago by asn

Points: 85

Further reducing the amount of points, now that I opened #31648.

comment:19 Changed 5 months ago by asn

Points: 510

Pumping this up to 10 points to account for unforeseen overhead (like #31648) and other final touches.

comment:20 Changed 4 months ago by asn

Points: 108

Reducing points by 2, since I splitted another task into #31777 .

comment:21 Changed 4 months ago by asn

Description: modified (diff)

comment:22 Changed 8 weeks ago by asn

Work here has started and you can find release-early-release-often updates here:
https://github.com/asn-d6/onionbalance/tree/v3_dev_wip

This is my worktree so that I dont keep all this code on my laptop. This is not meant to be used (or even seen) yet.

comment:23 Changed 5 weeks ago by gaba

Keywords: network-team-roadmap-2020Q1 added; network-team-roadmap-september removed
Note: See TracTickets for help on using tickets.