Opened 8 months ago

Closed 5 months ago

Last modified 2 months ago

#28610 closed enhancement (not a bug)

will WTF-PAD impair bandwidth scanning?

Reported by: starlight Owned by:
Priority: Medium Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords:
Cc: asn, mikeperry Actual Points:
Parent ID: #28693 Points:
Reviewer: Sponsor: Sponsor2

Description

Is it possible that excess padding data from the WTF-PAD enhancement will impair quality of bandwidth scanner results?

If the answer is yes, should a control channel feature be created to allow disabling WTF-PAD for controller-managed circuits?

Note in anticipation of a debatable concern: Great quantities of thought have been expended and verbiage has been generated regarding fingerprinting of scanner traffic that can lead to attacks on the network, but my view is this is not as important as producing good network balance. Attracting excess traffic to relays is seemingly of no benefit to the sophisticated adversary and brick-throwing troublemakers can be identified and mitigated. Years of experience with Torflow have not resulted in major incident (AFIK).

Child Tickets

Change History (8)

comment:1 Changed 8 months ago by nickm

Cc: asn mikeperry added
Milestone: Tor: 0.4.0.x-final

I wouldn't think that it would have any effect, but I've added mike and asn to the cc.

comment:2 Changed 8 months ago by asn

I don't think so, but this will likely depend on whether we enable a padding machine by default or not, and which types of circuits it will be  enabled on. Let's keep this ticket open for when we make these decisions.

comment:3 Changed 8 months ago by teor

I opened #28692 to set ConnectionPadding 0 in sbws' tor instance.
I couldn't find an equivalent option for circuit padding, so I added #28693 for Tor, and #28694 for sbws.

comment:4 Changed 8 months ago by teor

We should keep this ticket open, so we think about which kinds of circuits we enable padding on, and how those machines should work.

I suggest that we should enable padding by default on all circuits that might need anonymity.

comment:5 Changed 6 months ago by nickm

Sponsor: Sponsor2

comment:6 Changed 6 months ago by teor

Parent ID: #28693

wtf-pad won't impair bandwidth scanning if we turn it off on the bandwidth scanner tor instance

comment:7 Changed 5 months ago by nickm

Resolution: not a bug
Status: newclosed

comment:8 in reply to:  3 Changed 2 months ago by cypherpunks

Replying to teor:

I opened #28692 to set ConnectionPadding 0 in sbws' tor instance.
I couldn't find an equivalent option for circuit padding, so I added #28693 for Tor, and #28694 for sbws.

this is correct, any type of padding should be turned off for sbws CircuitPadding and ConnectionPadding.

Note: See TracTickets for help on using tickets.