[tor-bugs] #7830 [Core Tor/Tor]: UDP over Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 28 07:38:19 UTC 2016


#7830: UDP over Tor
--------------------------------------+------------------------------------
 Reporter:  proper                    |          Owner:
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:  Tor: very long
Component:  Core Tor/Tor              |  term
 Severity:  Normal                    |        Version:
 Keywords:  tor-relay needs-proposal  |     Resolution:
Parent ID:                            |  Actual Points:
 Reviewer:                            |         Points:
                                      |        Sponsor:
--------------------------------------+------------------------------------

Comment (by yawning):

 Replying to [comment:5 arthuredelstein]:
 > Replying to [comment:2 rransom]:
 > > This is unlikely to be possible.
 > [snip]
 > >  * Transporting UDP-based protocols cannot provide a performance
 > >  improvement unless relays are permitted to reorder and/or drop cells.
 > >  This would make end-to-end tagging attacks much easier (they would no
 > >  longer be limited to relays), and would be incompatible with Tor's current
 > >  relay crypto and the currently proposed new relay crypto protocols.
 >
 > For me, the most important argument for transmitting UDP over Tor is
 > that it would support existing UDP-based protocols and applications. I
 > think that would be useful even without a performance improvement. Would
 > it be safe (as safe as Tor's existing support of TCP streams) to transmit
 > UDP datagrams between guards and exit nodes if the reordering or dropping
 > of cells were not permitted?

 I'm not certain how this will work on the exit end, and it seems a bit
 nightmarish at first glance.  How many exits would be comfortable not
 only letting the tor process bind to arbitrary UDP ports, but accepting
 inbound UDP traffic from what essentially would be the entire Internet to
 said arbitrary UDP ports?  (Behavior that's different from this would be
 possible, but would likely require work on the client side.)

 And how would congestion control work?  What's to stop someone from
 causing the outbound link on the exit end to collapse due to congestion by
 having it spit out UDP packets as fast as it can?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7830#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

