[tor-bugs] #8710 [Tor]: Sybil selection should prefer measured over advertised bw
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 16 18:29:28 UTC 2013
#8710: Sybil selection should prefer measured over advertised bw
----------------------+-----------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-auth | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by arma):
The sybil tie-breaker decision is meant to let us take the most useful
relays from the set, and add those to the network. The choice of relay is
not meant to be a security thing.
So I'll grant that maybe looking at the measured bandwidth will give us a
better heuristic for picking the 'more useful' relay. But if it causes
oscillations, meaning we periodically zero out the history of all relays
in the set, then it would seem to be the worse choice. And it seems like
it *should* produce oscillations, since whichever relay in the set we
didn't choose lately is sure going to have some spare bandwidth (and thus
measure better).
What security-related attacks are we worried about here? "We could end up
picking a relay with lower measured bandwidth" is the failure mode that I
see?
I'm tempted to suggest a nuke-it-from-orbit approach of erasing history
from all relays whenever you have three reachable relays from a given IP
address. But then I'm reminded of the reason we added this whole
complexity in the first place -- to get what we were willing to take from
people who accidentally sign up more relays than we want.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8710#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list