Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  closed
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:  duplicate
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+
Changes (by asn):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Closing this in favor of #24973 and #30221.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Replying to [comment:16 naif]:
 > @teor do you think that Tor2webMode 1 (that require compile-time flags)
 will make connections going to HSDir to become 1-hop only?
 > Ref: https://trac.torproject.org/projects/tor/ticket/2553
 >
 > That way the single-onion will also make outgoing "single-hop"
 connections for the connections to HSDirs ?

 Don't do this. Connecting to HSDirs over a 1-hop path allows HSDirs to
 selectively deny service to clients and onion services based on their IP
 address. This is why single onion services connect over a 3-hop path.

 If you have this many onion services on a tor instance, it will need to be
 connected to most relays anyway. If you use a single onion service, it
 won't use fixed guards, so it will spread the HSDir circuit load over the
 entire network.

 Using single-hop paths for HSDirs is a bug in Tor2web that we plan to fix
 in #20104.
 Also, we plan on removing Tor2web in a few years time when we remove v2
 onion services. Tor2web isn't well tested or supported.

 Also, have you considered using subdomains on a few onion services, rather
 than trying to set up 10,000?
 Or do you need the authentication to each individual entity?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by naif):

 @teor do you think that Tor2webMode 1 (that require compile-time flags)
 will make connections going to HSDir to become 1-hop only?
 Ref: https://trac.torproject.org/projects/tor/ticket/2553

 That way the single-onion will also make outgoing "single-hop" connections
 for the connections to HSDirs ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by teor):

 Replying to [comment:14 naif]:
 > Replying to [comment:13 asn]:
 > > It's possible that 10k onion services on a single host will probably
 wreck your guard(s) because of the amount of introduction/HSDir circuits,
 even if mots of them are low/zero traffic.
 >
 > That's a thing, wondering if the Facebook-alike optimisation (where it
 does not require Server Location Anonimity) can help with that setup, or
 if it would require some different kind of of crypto-circuits-related
 aspects?


 Single onion services don't have guards. They do HSDir posts over a 3-hop
 path (but with no set guard) to avoid denial of service, but do intro and
 rendezvous over a single-hop path.

 You should set the 2 options needed to turn single onion services on.
 Check the man page for their exact spellings. You'll probably also need
 "SOCKSPort 0".


 > …
 > > > If someone is going or willing to support Tor debugging to achieve
 that goal, we'll be more than happy.
 > >
 > > I'm interested in helping you with this, so that you achieve your
 goals without damaging the network. Perhaps we can do an IRC meeting or
 something?
 >
 > Perfect, if you can join #globaleaks channel there's evilaliv3 that's
 doing today some preliminary testing with 500 onion address, inserting 10
 onion address every 5 minutes, then trying to see what happen as we create
 a "network blackout" of few minutes.


 Try restarting the tor instance as well. #22210 happens on startup.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by naif):

 Replying to [comment:13 asn]:
 > It's possible that 10k onion services on a single host will probably
 wreck your guard(s) because of the amount of introduction/HSDir circuits,
 even if mots of them are low/zero traffic.

 That's a thing, wondering if the Facebook-alike optimisation (where it
 does not require Server Location Anonimity) can help with that setup, or
 if it would require some different kind of of crypto-circuits-related
 aspects?



 >
 > > Each GlobaLeaks instance will have it's own HTTPS certificate enrolled
 and maintained automatically with LetsEncrypt and it's own Onion Service.
 >
 > I recently heard that LetsEncrypt can't make onion certs because they
 are DV, and not EV.

 Sorry, I meant having 2 channels: HTTPS (with letsencrypt on public IP)
 and Onion on Tor.

 Those will be used for such a national anticorruption platform, and for
 each single public agencies we will need to have the couple of an HTTPS
 URL and Onion URL.

 So those are independent.

 >
 > > If someone is going or willing to support Tor debugging to achieve
 that goal, we'll be more than happy.
 >
 > I'm interested in helping you with this, so that you achieve your goals
 without damaging the network. Perhaps we can do an IRC meeting or
 something?

 Perfect, if you can join #globaleaks channel there's evilaliv3 that's
 doing today some preliminary testing with 500 onion address, inserting 10
 onion address every 5 minutes, then trying to see what happen as we create
 a "network blackout" of few minutes.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by asn):

 Replying to [comment:11 naif]:
 >
 > GlobaLeaks project do integrate Tor with dynamic setup of Tor Onion
 Services and by Q1/2018 will release a project that require setup of about
 9600 Tor Onion Services, so we will probably work on it somehow.
 >

 It's possible that 10k onion services on a single host will probably wreck
 your guard(s) because of the amount of introduction/HSDir circuits, even
 if mots of them are low/zero traffic.

 > Each GlobaLeaks instance will have it's own HTTPS certificate enrolled
 and maintained automatically with LetsEncrypt and it's own Onion Service.

 I recently heard that LetsEncrypt can't make onion certs because they are
 DV, and not EV.

 > If someone is going or willing to support Tor debugging to achieve that
 goal, we'll be more than happy.

 I'm interested in helping you with this, so that you achieve your goals
 without damaging the network. Perhaps we can do an IRC meeting or
 something?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by teor):

 You will probably need to fix the performance issues in #22210.
 You might also need something like OnionBalance, or more likely,
 rendezvous handoff from #17254.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:  (none)
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+

Comment (by naif):

 GlobaLeaks project do integrate Tor with dynamic setup of Tor Onion
 Services and by Q1/2018 will release a project that require setup of about
 9600 Tor Onion Services, so we will probably work on it somehow.

 Each GlobaLeaks instance will have it's own HTTPS certificate enrolled and
 maintained automatically with LetsEncrypt and it's own Onion Service.

 This project will be setting up a virtual GlobaLeaks for each italian
 public agencies in an automated way, as a massive-scale anti-corruption
 project.

 If someone is going or willing to support Tor debugging to achieve that
 goal, we'll be more than happy.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:
 Type:  task  | Status:  new
 Priority:  Low   |  Milestone:  Tor:
  |  unspecified
Component:  Core Tor/Tor  |Version:  Tor:
  |  unspecified
 Severity:  Normal| Resolution:
 Keywords:  tor-hs, scalability, tor-dos  |  Actual Points:
Parent ID:| Points:  10
 Reviewer:|Sponsor:
--+
Changes (by nickm):

 * priority:  Medium => Low


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #15251 [Core Tor/Tor]: Make tor support starting with 10.000 Tor Hidden Service

[Tor Bug Tracker & Wiki]

#15251: Make tor support starting with 10.000 Tor Hidden Service
--+
 Reporter:  naif  |  Owner:
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |Version:  Tor:
 Severity:  Normal|  unspecified
 Keywords:  tor-hs, scalability, tor-dos  | Resolution:
Parent ID:|  Actual Points:
 Reviewer:| Points:  10
  |Sponsor:
--+
Changes (by nickm):

 * points:   => 10


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs