[tor-bugs] #15482 [Tor]: Don't surprise users with new circuits in the middle of browsing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 20 10:33:55 UTC 2015
#15482: Don't surprise users with new circuits in the middle of browsing
-------------------------+-------------------------------------------------
 Reporter: mikeperry     | Owner: yawning
 Type: enhancement       | Status: assigned
 Priority: normal        | Milestone: Tor: 0.2.7.x-final
 Component: Tor          | Version: Tor: unspecified
 Resolution:             | Keywords: tbb-usability, tbb-wants, tor-core,
 Actual Points:          |           TorCoreTeam201508
 Points:                 | Parent ID:
-------------------------+-------------------------------------------------
Comment (by mikeperry):
FWIW, I like the idea behind rustybird's second patch
(https://trac.torproject.org/projects/tor/attachment/ticket/15482/IsolateKeepAliveSOCKSAuth.patch)
minus the needless whitespace changes.
I think any form of max lifespan opens up the user to both guard discovery
attacks as well as increased exit node and correlation exposure (because a
max lifespan allows an application to be induced to continually reconnect
until a compromised middle or exit node is chosen on a new circuit).
Beyond the security concerns (which should be sufficient by themselves),
it is also terrible for usability. The lifespan of HTTP connections is a
relic of the shittiness of HTTP/1.x. Both HTTP/2 and QUIC fix this, and
keep connections opened forever, because that is how sessions actually
work on the web. To drive home the usability impact of enforcing this max
lifespan: would we ever force people to reconnect to their SSH servers
every X minutes/hours/days through Tor? If we're not willing to do that,
we shouldn't do the equivalent to the web.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15482#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online