[tor-dev] [network-team] [doodle poll] Meeting to discuss guard proposal draft status
Nick Mathewson
nickm at alum.mit.edu
Mon Jul 11 16:48:18 UTC 2016
On Mon, Jul 11, 2016 at 12:41 PM, isis agora lovecruft
<isis at torproject.org> wrote:
> Nick Mathewson transcribed 1.1K bytes:
>>
>
> Various questions and responses to the meeting logs [0]:
>
> 1. I'm not sure I understand the difference between USABLE_FILTERED_GUARD and
> CONFIRMED_GUARDS.
USABLE_FILTERED_GUARDS is a subset of FILTERED_GUARDS where "is
running" is "yes" or "maybe".
> 2. It seems like USED_GUARDS and CONFIRMED_GUARDS are being used
> interchangeably. I realise that Nick at some point in IRC mentions the
> former was renamed to the latter, but it isn't consistent and with so many
> variables I'm finding myself a bit confused.
Right. CONFIRMED_GUARDS is the new name for USED_GUARDS. I should
replace every instance of the old.
> 3. From:
>
>> 14:14:41 <nickm> (There is also a secret novelty in how it handles bridges
>> and entrynodes)
>
> I don't actually see EntryNodes mentioned in the proposal?
Appendix A.2 ?
> 4. How were all the parameters in §A.1 [1] chosen? Did we simulate the
> algorithm yet and fuzz the parameters under different network conditions
> like we did before?
All were totally pulled out of thin air, or out of the previous
iteration of the proposal.
> 5. For
>
>> 14:22:11 <nickm> #action try to think of ways that the "don't add to
>> USED_GUARDS till we use it" rule can be manipulated by an
>> attacker
>
> I assume the function governing membership in the set of FILTERED_GUARDS
> pushes old/stale/less-usable/less-good guards out of the set when new ones
> are found? That is, the size of FILTERED_GUARDS can't just grow
> indefinitely, right?
FILTERED_GUARDS can only grow up to the size of SAMPLED_GUARDS; but
the size of SAMPLED_GUARDS is limited by MAX_SAMPLE_THRESHOLD.
> 6. For "treating primariness as a continuum", do you mean that we
> should assign some float values to a bunch of guards we're trying
> all in parallel, then pick the guard that succeeded that had the
> highest value? I worry a bit that this would complicate the code
> and potentially result in many attempted connected to substantially
> less-suitable nodes.
It would mean that instead of treating the first N_PRIMARY_GUARDS
members of CONFIRMED_GUARDS as 100% primary, and the remaining members
as 0% primary, we would somehow treat the i'th gmember of
CONFIRMED_GUARDS as f(i)% primary for some f.
Right now "primariness" is used for several things: we'd need to look
at which of these should look at a boolean, and which could instead
look at a continuous variable. I do not yet know whether this is a
good idea.
> [0]: http://meetbot.debian.net/tor-dev/2016/tor-dev.2016-07-07-13.59.log.html
> [1]: https://trac.torproject.org/projects/tor/attachment/ticket/19468/prop259-redux-v3.txt#L414
>
> --
> ♥Ⓐ isis agora lovecruft
> _________________________________________________________
> OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
> Current Keys: https://fyb.patternsinthevoid.net/isis.txt
cheers,
--
Nick
More information about the tor-dev
mailing list