[tor-relays] Balancing throughput versus getting Black-Holed

[teor]

> On 26 Oct 2017, at 10:39, Mirimir <mirimir at riseup.net> wrote:
> 
> On 10/25/2017 12:31 PM, teor wrote:
>> 
>>> On 26 Oct 2017, at 10:23, Mirimir <mirimir at riseup.net> wrote:
>>> 
>>> On 10/25/2017 11:31 AM, Paul Templeton wrote:
>>>> 
>>>>> How long is your relay blackholed for?
>>>> Usually 12Hrs - I'll look at a second IP to see if it helps a bit.
>>>> 
>>>> Having the ability to rotate address would be good... :)
>>>> 
>>>> Paul
>>> 
>>> I wonder how quickly the subnet would get black-holed.
>>> 
>>> I've thought of doing that with IPv6. With a /64, the relay could use a
>>> new OutboundBindAddress for each circuit.
>> 
>> Or each stream.
> 
> Right, per stream :) That'd be cool.
> 
>> There's a design tradeoff here: using a different address for each stream
>> provides less linkability between streams on the same circuit. But it may
>> confuse remote websites that expect all requests from a page to come from
>> the same source IP address.
> 
> Could circuit vs stream be configurable in the client?

That would split the anonymity set of clients, making any client that chose
the non-default option stand out.

Clients like Tor Browser already do some fairly complicated things to isolate
circuits from different websites, and I wouldn't want to interfere with that.

>> I think we would probably choose an IP per stream, because our design is
>> willing to compromise usability on a few websites for privacy on all.

I'll also talk to the Tor Browser folks about this, because they may
have an opinion.

--
Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171026/379ed50f/attachment-0001.sig>