On Wed, Nov 7, 2012 at 12:51 AM, Roger Dingledine <[email protected]> wrote:
> On Tue, Nov 06, 2012 at 10:10:15PM -0500, Nick Mathewson wrote:
> > > And if a very few do, maybe the solution is to
> > > move to a new TLS connection for those rare cases, rather than impose
> > > a 2-byte penalty on every cell in all cases.)
> >
> > Maaaybe, but I sure can't think of a sane testable design for that. Can
> > you? To do this sanely, we'd need to negotiate this before we exchange any
> > actual data, and predict in advance that we'd want it. (We wouldn't want to
> > do it on-the-fly for connections that happen to have large numbers of
> > circuits: that way lies madness.)
> >
> > Also, I think those "rare cases" are communications between the busiest Tor
> > nodes. I think those communications might represent a reasonably large
> > fraction of total Tor bytes, such that having a fallback mode might not
> > save us so much.
>
> Ah. By "a new TLS connection", I didn't mean a new design or anything --
> I meant simply a second TLS connection.

I wouldn't feel very good about this route: there are enough places in our design that assume one canonical OR connection with any given relay that changing this assumption would be emphatically nontrivial and error-prone.

On the other hand, reports of circuit ID exhaustion might be premature; I get no hits searching for "No unused circ IDs. Failing" except for our source code. Has anybody seen that warning IRL?

--
Nick
