Changes between Version 1 and Version 2 of org/meetings/2014WinterDevMeeting/notes/GuardDesign


Ignore:
Timestamp:
Feb 25, 2014, 4:03:32 PM (5 years ago)
Author:
lunar
Comment:

formatting

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2014WinterDevMeeting/notes/GuardDesign

    v1 v2  
    1 ========================================================================
     1= Guard nodes =
    22
    3 - perhaps we should go to 1 guard by default
     3'''Abstract:''' What is to be done?
    44
     5== Minutes ==
     6
     7=== One guard / guard sets ===
     8
     9- Perhaps we should go to 1 guard by default.
    510- Alternatively, we could go with "guard sets" and similar ideas, but those have deep gaps and unanswered questions.
    6 
    7 - we should probably increase the rotation period.
    8 
    9 - To make it safe to increase the rotation period, perhaps we
    10   should add a weight parameter describing how much of the last rotation period
    11   you've been a guard.  Use that when picking non-guard nodes for
    12   bw-relevant activities.
    13 
     11- We should probably increase the rotation period.
     12- To make it safe to increase the rotation period, perhaps we should add a weight parameter describing how much of the last rotation period you've been a guard.  Use that when picking non-guard nodes for bw-relevant activities.
    1413- Perhaps we should raise the threshold of bandwidth required to be a guard such that...
    15 
    1614  - ...the smallest guard is a non-tiny fraction of the whole network ?
    17 
    1815  - ...the smallest guard is not too slow
    19 
    2016- Could there be a user parameter to raise guard bw threshold
    2117
    22 ========================================================================
     18=== Guards and identity ===
    2319
    2420- Hey, should there be a different set of guards per identity?
     21- Or a different tor state per identity
     22  - see 10969. See wiki link from there. See tordyguards
     23  - way to kill state reload state and restart tor
     24  - need way to not have Tor launch a connection to an old guard before it realizes it's moved.
     25  - need way to avoid dhcp attack
     26     - networkmanager / systemd integration?
     27- Separate guards per isolation profile.  That would be neat.
     28  - Can't do in full. since there are infinite isolation profiles.
     29  - But it would be cool to separate hidden services from other stuff
     30  - And it would be cool to allow separation via different socksports, etc
    2531
    26 - Or a different tor state per identity
     32=== How many guard are used at once? ===
    2733
    28   - see 10969.  see wiki link from there.  see tordyguards
    29 
    30   - way to kill state reload state and restart tor
    31 
    32   - need way to not have Tor launch a connection to an old guard before it realizes it's moved.
    33 
    34   - need way to avoid dhcp attack
    35 
    36      - networkmanager / systemd integration?
    37 
    38 ==================
    39 
    40   - Limit how many guards a user gets/tries at one time?
    41 
    42     - If you get a whole bunch of guards, probably your connection is down...
    43 
    44     - Or maybe somebody's denying your connections till you pick a good guard.
    45 
    46 ========================================================================
    47 
    48 - Separate guards per isolation profile.  That would be neat.
    49 
    50    - Can't do in full. since there are infinite isolation profiles.
    51 
    52    - But it would be cool to separate hidden services from other stuff
    53 
    54    - And it would be cool to allow separation via different socksports, etc
    55 
    56 ========================================================================
     34- Limit how many guards a user gets/tries at one time?
     35  - If you get a whole bunch of guards, probably your connection is down...
     36  - Or maybe somebody's denying your connections till you pick a good guard.
    5737
    5838- "Kill the node and see where users scatter" attack has some complex
    5939  solutions.
    60 
    6140  - fingers to pick next guard from a small set?
    62 
    6341  - decide these fingers based on unpredictable shuffle of net?
    6442
    65 
    66 ========================================================================
     43=== When are guards chosen? ===
    6744
    6845When to choose sets of guards?
    6946
    7047- option 1: choose more guards, use one at a time.  (Needs coding)
    71 
    7248- option 2: choose next guard at time of first-guard failure.
    7349
    74 ========================================================================
     50=== Missing proposals ===
    7551
    76 - LIMIT how many guards can go down (see sniper attack)
     52- Limit how many guards can go down (see sniper attack)
     53- Should guard rotation period be consensus parameter?
     54- New proposal: "i couldn't consense" statement.  Anybody could write.
     55- New proposal: "consensus hash chain".  Anybody could write.
    7756
    78 ------------------------------------------------------------------------
     57=== Guard enumeration ===
    7958
    80 - Should guard rotation period be consensus parameter?
     59Guard enumeration, maybe 9 months is far easier then 2 months.  Especially if Tor is used infrequently. We need a solution for guard enumeration:
     60 - 2-hop cascades?
     61 - pathsel is an abstraction layer.
    8162
    82 ==================================================
     63=== arma matters ===
    8364
    84 new proposal: "i couldn't consense" statement.  Anybody could write.
     65arma blocks unless we have a way to say that the users don't mostly get shoved onto shitty guards.
    8566
    86 ========================================================================
     67Open questions:
    8768
    88 new proposal: "consensus hash chain".  Anybody could write.
     69 - why does arma have so many guards in his state file?
     70 - why are his guards not in sequential order????????
    8971
    90 ========================================================================
    91 MORE ISSUES:
    92 
    93   - Guard enumeration, maybe 9 months is far easier then 2
    94     months.  Especially if Tor is used infrequently.
    95 
    96      - We need a solution for guard enumeration.
    97 
    98        - 2-hop cascades?
    99 
    100        - pathsel is an abstraction layer.
    101 
    102 ========================================================================
    103 
    104 ARMA blocks unless we have a way to say that the users don't mostly get
    105 shoved onto shitty guards.
    106 
    107 ========================================================================
    108 
    109 MORE:
    110 
    111         - why does arma have so many guards in his state file?
    112 
    113         - why are his guards not in sequential order????????
    114 
    115 ======================================================================
     72=== Next steps ===
    11673
    11774Next steps:
     75
    11876  * Expand above into longer nodes, proposal.  (Nick, Nick, George)
    11977  * Investigate questions, issues.