Skip to content
Snippets Groups Projects
  • View options
    • View options
  • Attributes

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    • George Kadianakis

      Some notes:

      To reduce the number of guard nodes I should look into decide_num_guards(). To increase the rotation period I should look into MIN_GUARD_LIFETIME et al. or play with the GuardLifetime consensus parameter on the authority side.

      Also, what about directory guards?

    • Nick Mathewson

      Trac:
      Milestone: N/A to Tor: 0.2.6.x-final

    • George Kadianakis

      Some notes on an implementation plan:

      Switch to one guard per client

      • Look into decide_num_guards().
      • See if setting NumEntryGuards=1 breaks any assumption of the rest of the code.
      • Implementation depends on whether we pick alternative behavior of section 1.1.1 or not.

      Increase guard rotation period

      • Either play with MIN_GUARD_LIFETIME or use the GuardLifetime consensus option.
      • Implementation depends on whether we pick alternative behavior of section 1.2.1 or not.

      Raise bw thresholds for guard

      • See set_routerstatus_from_routerinfo() and AuthDirGuardBWGuarantee etc.
      • How to test: Make fake network and see which guards are eligible to become guards

      Prioritize young guards for non-guard tasks

      • Implementation plan: Download/parse/verify old consensuses in an external script, write file with results, have little-t-tor read the results.

      • Bandwidth authorities: See dirserv_read_measured_bandwidths() and https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAuthority/README.spec.txt#l333

      • How to test the external script: Make artificial data sets of consensuses and see if the external script parses them properly.

      • How to test Tor: Create artificial guard age results file, give the test a fake network (some relays) and see if Tor generates the right weights for the relays.

    • George Kadianakis

      Replying to asn:

      == Prioritize young guards for non-guard tasks ==

      • Implementation plan: Download/parse/verify old consensuses in an external script, write file with results, have little-t-tor read the results.

      Two questions on this task (also see #10968 (moved)):

      a) How are we going to get past consesuses? AFAIK, directories don't keep and serve old consesuses. Is metrics.tpo the only place where we can get them? Is it reasonalbe to make metrics.tpo a single point of failure for this feature?

      b) We will need to verify the sigs of the past consesuses. Can arm verify signatures of Tor documents? Also, what can go wrong with verifying consesus sigs from many months ago? Have auths ever changed their identity keys? Also, what happens if we try to parse a badly-signed consesus? Should we just ignore it?

    • George Kadianakis

      We also need to decide if we want to do the alternative behaviors suggested in sections 1.1.1 and 1.2.1 of https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/236-single-guard-node.txt

    • Karsten Loesing

      Replying to asn:

      Replying to asn:

      == Prioritize young guards for non-guard tasks ==

      • Implementation plan: Download/parse/verify old consensuses in an external script, write file with results, have little-t-tor read the results.

      Two questions on this task (also see #10968 (moved)):

      a) How are we going to get past consesuses? AFAIK, directories don't keep and serve old consesuses. Is metrics.tpo the only place where we can get them? Is it reasonalbe to make metrics.tpo a single point of failure for this feature?

      Would somebody want to run a fall-back instance of the part of metrics.tpo that archives consensuses? I run two instances, but I sure wouldn't mind knowing that there's another instance running that is not run by me.

      b) We will need to verify the sigs of the past consesuses. Can arm verify signatures of Tor documents?

      stem, not arm. That's a question for atagar.

      Also, what can go wrong with verifying consesus sigs from many months ago? Have auths ever changed their identity keys?

      metrics.tpo also serves past certificates that you could use here. You'll also want to extract a list of authority identities that little-t-tor clients considered valid. That list changes every now and then, but not very often.

      Also, what happens if we try to parse a badly-signed consesus? Should we just ignore it?

      Probably warn about the bad signature and ignore it. If the consensus still has enough good signatures for little-t-tor clients to accept it, you can probably accept it, too.

      b) We will need to verify the sigs of the past consesuses. Can arm verify signatures of Tor documents?

      stem, not arm. That's a question for atagar.

      Stem can check the server descriptor digestests if you have PyCrypto available...

      https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l717

      ... but it doesn't yet check the consensus signatures. Patches welcome. :)

    • Nick Mathewson

      Trac:
      Keywords: tor-client deleted, tor-client prop236 added

      Trac:
      Parent: N/A to #11045 (closed)

    • Nick Mathewson

      Trac:
      Priority: normal to major

    • Nick Mathewson

      Trac:
      Parent: #11045 (closed) to N/A

    • Nick Mathewson

      Trac:
      Keywords: tor-client prop236 deleted, tor-client prop236 026-triaged-1 added

    • Nick Mathewson

      This will be done when #12598 (moved) is done; moving to 0.2.7

      Trac:
      Milestone: Tor: 0.2.6.x-final to Tor: 0.2.7.x-final

    • Nick Mathewson

      Trac:
      Status: new to assigned

    • Nick Mathewson

      Marking more tickets as triaged-in for 0.2.7

      Trac:
      Keywords: tor-client prop236 026-triaged-1 deleted, tor-client, 026-triaged-1, prop236, 027-triaged-1-in added

    • Isabela Fernandes

      Trac:
      Version: N/A to Tor: 0.2.7
      Keywords: N/A deleted, SponsorU added
      Points: N/A to medium

    • Nick Mathewson

      Much of this is done in 0.2.7; most of the rest must wait for 0.2.8, I expect.

      Trac:
      Milestone: Tor: 0.2.7.x-final to Tor: 0.2.8.x-final

    • Nick Mathewson

      Trac:
      Keywords: N/A deleted, 028-triaged added