UDP over Tor [was Re: blog about tor and skype]
Paul Syverson
syverson at itd.nrl.navy.mil
Wed Mar 7 13:59:54 UTC 2007
On Tue, Mar 06, 2007 at 09:38:54PM +0100, Juliusz Chroboczek wrote:
>
> Forwarding raw IP is difficult, I agree. But it's UDP I'd like you to forward.
>
> Considering your list:
[snip]
>
> 4. I'm not sure I understand this point. You could just forward UDP
> over TCP, as long as you make sure that the entry node discards
> datagrams when there's congestion. (This basically means making sure
> that your writes to the tor socket are non-blocking.)
>
You could simply do that, but you would have transport with all the
efficiency and flexibility of TCP with all the reliability of
UDP. It's a quick and easy (err, sort of) way to incorporate UDP
without having to redo Tor. But to really channel UDP and get some of
its advantages, it's not just the DTLS we would need that Nick
mentioned. That will only take care of the links. We would need to
have a block cipher based system that worked against replay and a
bunch of other issues. As mentioned in the Challenges paper
(http://www.onion-router.net/Publications.html#challenges) but not on
the wiki, the Freedom network did this. So we know it is in principle
possible. But I don't think the code was publicly available and
documented nor the protocol fully specified (although the Freedom
Protocol 1.0 architecture paper spelled out much
web.homeport.org/~adam/zeroknowledgewhitepapers/arch-notech.pdf ) They
were also forced to reimplement a lot of TCP anyway. Ultimately
since Freedom had a different way of maintaining users and nodes,
and wasn't around long enough, we don't know in principle
if it's possible to do well enough for our needs. I think this is
really a big hunk of work to do anything like an OK job, but I
encourage people to continue to go after it because it would be great
to have.

What nobody has yet mentioned is that carrying UDP traffic would also
involve a lot of tradeoffs in design as well as needing to design for
incentives and economic issues that would arise. It won't just be Tor
only better and able to do more.
aloha,
Paul
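
The approach discussed in point 4 of this message (UDP carried over a TCP stream, with non-blocking writes so datagrams are discarded under congestion), as an added example that is not part of the original post and is not Tor code. The 2-byte length framing and all class and function names are assumptions for illustration, and a local socketpair stands in for the Tor socket; the sample datagrams are constructed.

```python
import socket
import struct

class DatagramOverStream:
    """Carry datagrams over a stream socket; drop, never block, on congestion."""
    def __init__(self, stream):
        stream.setblocking(False)
        self.stream, self.pending = stream, b""  # pending: unsent tail of a started frame
        self.sent = self.dropped = 0

    def flush(self):  # finish a partially written frame; True when nothing is pending
        try:
            while self.pending:
                self.pending = self.pending[self.stream.send(self.pending):]
        except BlockingIOError:
            return False
        return True

    def forward(self, datagram):  # send one datagram, or drop it whole if congested
        frame = struct.pack("!H", len(datagram)) + datagram  # assumed length-prefix framing
        if self.flush():  # never start a new frame while an old one is half-written
            try:
                self.pending = frame[self.stream.send(frame):]  # keep any unsent tail
                self.sent += 1
                return True
            except BlockingIOError:
                pass
        self.dropped += 1
        return False

def read_frames(buf):  # receiver side: split stream bytes back into datagrams
    frames = []
    while len(buf) >= 2 and len(buf) >= 2 + (n := struct.unpack_from("!H", buf)[0]):
        frames.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return frames, buf  # leftover is non-empty only if the last frame is incomplete

def demo(count=2000):  # constructed scenario: burst of 1000-byte datagrams, slow reader
    a, b = socket.socketpair()
    a.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 4096)  # small buffer: congest quickly
    b.setblocking(False)
    fwd, received = DatagramOverStream(a), b""
    for seq in range(count):  # nobody reads during the burst, so the stream fills up
        fwd.forward(struct.pack("!I", seq) + b"x" * 996)
    while not fwd.flush() or len(received) < 1002 * fwd.sent:  # now drain the stream
        try:
            received += b.recv(65536)
        except BlockingIOError:
            pass
    return fwd, read_frames(received)
```

Dropping is only safe at frame boundaries: once part of a frame has been written to the stream, the rest has to follow, otherwise the receiver loses framing for every later datagram.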