[tor-dev] Revisiting Proposal 246: Merging Hidden Service Directories and Introduction Points
Tim Wilson-Brown - teor
teor2345 at gmail.com
Wed Jan 13 22:31:09 UTC 2016
Hi,
I also have concerns about proposal 246, I don't think its benefits are compelling
compared with the number of drawbacks.
If we do want to skip the introduction point, proposal 252 (single onion services)
provides a way for onion services to do this on an opt-in basis. (However, it doesn't
allow onion services to skip the introduction point step and stay location-hidden.)
There's also nothing preventing us from making this change in future, by modifying
how hidden services select their introduction points. We could then teach clients
to use the HSDir as an introduction point if it's in the list.
> On 14 Jan 2016, at 03:50, George Kadianakis <desnacked at riseup.net> wrote:
>
> Hello there,
> ...
> Here are some issues that make this proposal not an obvious pick:
>
> 1) Security issues
> ...
> - It was also pointed out that the HSDir algorithm does not take into
> account the bandwidth of the nodes, making it easier to launch Sybil
> attacks. However, the rest of the the mailing list thread suggests
> various ways to do bandwidth weighted hash ring selections [4], so this
> might not be an important factor.
As far as I recall, there was no guarantee that a large hidden service would
not pick 6 low-bandwidth HSDirs/IPs for a day, with serious impact on the
reachability of that hidden service for that period.
> 3) Load balancing issue
> ...
> - Another concern here is that hidden services would not be able to change
> the number of their introduction points. This is not a big problem
> currently, but it could become in the future if the network gets more
> overloaded. As a partial solution to this, #17690 suggests making the
> number of HSDirs a network-wide consensus parameter that could also be
> used by proposal 246.
It could also become a big problem for large hidden services which benefit from
10 (or more) introduction points.
> 2) Reachability issue
>
> A final issue here is that if the relay churn of the network increases, the
> introduction point hash ring might be changing rapidly and clients might get
> pointed to the wrong introduction points.
>
> However, this does not seem like a greater problem than what hidden services
> are facing with HSDir reachability currently. Is this right, or does prop246
> makes it worse?
Proposal 246 makes it worse, because now both HSDirs and introductions depend
on a potentially churning hash ring. If churn makes an introduction point
unreachable, this increases the load on the other introduction points.
Clients also cache descriptors from HSDirs, but they need an introduction point
to be up whenever they contact the hidden service.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160114/a5afa811/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160114/a5afa811/attachment.sig>
More information about the tor-dev
mailing list