Re: [tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery

2019-01-29 Thread Tor Bug Tracker & Wiki 
#22728: Long-lived onion service circuits can enable guard discovery
---+---
 Reporter:  mikeperry  |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  guard-discovery-stats, tor-hs  |  Actual Points:
Parent ID: | Points:  45
 Reviewer: |Sponsor:
---+---
Changes (by mikeperry):

 * points:   => 45


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery

2017-10-31 Thread Tor Bug Tracker & Wiki 
#22728: Long-lived onion service circuits can enable guard discovery
---+---
 Reporter:  mikeperry  |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  guard-discovery-stats, tor-hs  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by asn):

 * cc: asn (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery

2017-10-25 Thread Tor Bug Tracker & Wiki 
#22728: Long-lived onion service circuits can enable guard discovery
---+---
 Reporter:  mikeperry  |  Owner:  (none)
 Type:  defect | Status:  new
 Priority:  Medium |  Milestone:  Tor:
   |  unspecified
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  guard-discovery-stats, tor-hs  |  Actual Points:
Parent ID: | Points:
 Reviewer: |Sponsor:
---+---
Changes (by mikeperry):

 * keywords:  guard-discovery, tor-hs => guard-discovery-stats, tor-hs


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery

2017-10-25 Thread Tor Bug Tracker & Wiki 
#22728: Long-lived onion service circuits can enable guard discovery
-+--
 Reporter:  mikeperry|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  guard-discovery, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by mikeperry):

 After thinking about the timeframes involved for attack 1 vs attack 2, I
 think that we should consider defending against attack 2 separately, again
 as a torrc option.

 Attack 1 relies on an additional full-out DoS or an OOM killer side
 channel to do better than the guard downtime frequency, which should be
 months. Attack 2 just has to wait MAX(1 week,
 guard_layer_rotation_period). For middle nodes under prop247,
 guard_layer_roation_period is days/weeks.

 Attack 1 makes me want to do conflux as per my previous comment, but
 because of the time duration and/or secondary attacks involved, attack 1
 is actually lower severity than attack 2, and we still should provide an
 option for some hidden services to lower circuit lifetime because of this.
 I've filed #23980 for this. This ticket can be the place for deciding for
 what we want to about attack 1.

 (TLS lifespan is orthogonal to both attacks, though. If services can
 reduce their circuit lifespan to minutes-hours, then 7 days of TLS
 lifespan is no longer a guard discovery vector. I would like to jack up
 TLS connection duration for other reasons, though. The TLS handshake has
 historically been a nightmare. We've wisely avoided these bugs by reducing
 our usage of its features. We should minimize its frequency of use, too.
 Why not?)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22728 [Core Tor/Tor]: Long-lived onion service circuits can enable guard discovery (was: Periodically close long-lived onion service circuits)

2017-10-24 Thread Tor Bug Tracker & Wiki 
#22728: Long-lived onion service circuits can enable guard discovery
-+--
 Reporter:  mikeperry|  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor: unspecified
Component:  Core Tor/Tor |Version:
 Severity:  Normal   | Resolution:
 Keywords:  guard-discovery, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by mikeperry):

 Ok, I agree. It seems like simply closing circuits is not going to buy us
 much here.

 How about providing the ability for clients to migrate circuits to an
 IP/RP? That way, if a client *should* rotate away from a node, it can.
 Additionally, if a node goes down because of DoS or any byzantine reason,
 this would mean that the circuit doesn't have to be destroyed. Basically,
 we could do conflux (https://www.cypherpunks.ca/~iang/pubs/conflux-
 pets.pdf) without the split-flow control stuff (at least not at first,
 though I suspect that the flow control pieces will be useful against
 congestion attacks).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs