#20212: Tor can be forced to open too many circuits by embedding .onion resources
-------------------------------------------------+-------------------------
 Reporter:  gacar                                |          Owner:  tbb-team
     Type:  enhancement                          |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor: unspecified
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  guard-discovery,                     |  Actual Points:
            TorBrowserTeam201803                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:10 cypherpunks]:
 > Replying to [comment:9 cypherpunks]:
 > > Why limit the number of onion addresses that can be embedded instead
 > > of limiting the number of circuits that can be created for onions in
 > > a single origin?
 >
 > The former should be relatively easy to implement in Tor Browser, while
 > the latter would presumably be much more difficult and error prone (if
 > implemented by monitoring circuit events on the control port). The
 > simple approach of limiting the number of onions seems like it would
 > indirectly limit the number of circuits, but reading the above question
 > I'm suddenly having doubts. (How quickly can Tor Browser cause more
 > circuits to be made by continually retrying just one onion that is
 > failing to rendezvous?)

 I opened #25609 to investigate the issue presented in the last
 parenthesis of this post. It's important because if an attacker can cause
 Tor to make many circuits by continuously retrying a broken onion, this
 can bypass any sort of origin rate-limiting defense.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20212#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online