> In application this would be a distribution that although unlikely to be optimal against any specific adversary, it's has robust hardness across a wide variety of adversaries.
So, the F-35? Perhaps what needs considered is wether that is even possible; and against which adversaries is TOR designed to resist? On Wed, Sep 23, 2015 at 8:34 AM, Virgil Griffith <[email protected]> wrote: > > because "the right distribution" is a function of which adversary you're > > considering, and once you consider k adversaries at once, no single > > distribution will be optimal for all of them.) > > Granted. But since we're speaking idealizations, I say take that the > expected-value over the distributions weighted by the probability of each > adversary. In application this would be a distribution that although > unlikely to be optimal against any specific adversary, it's has robust > hardness across a wide variety of adversaries. > > Or, if that distribution is unclear, pick the distribution of exit-relay > with the highest minimum hardness. This reminds me of the > average-entropy vs min-entropy question for quantifying anonymity. I'd be > content with either solution, and in regards to Roster I'm not sure the > difference will matter much. I am simply asking the more knowledgeable for > their opinion and recommendation. Is there one? > > -V > > > > On Wed, Sep 23, 2015 at 2:47 PM Roger Dingledine <[email protected]> wrote: > >> On Wed, Sep 23, 2015 at 06:26:47AM +0000, Yawning Angel wrote: >> > On Wed, 23 Sep 2015 06:18:58 +0000 >> > Virgil Griffith <[email protected]> wrote: >> > > * Would the number of exit nodes constitute exactly 1/3 of all Tor >> > > nodes? Would the total exit node bandwidth constitute 1/3 of all Tor >> > > bandwidth? >> > >> > No. There needs to be more interior bandwidth than externally facing >> > bandwidth since not all Tor traffic traverses through an Exit >> > (Directory queries, anything to do with HSes). >> > >> > The total Exit bandwidth required is always <= the total amount of Guard >> > + Bridge bandwidth, but I do not have HS utilization or Directory query >> > overhead figures to give an accurate representation of how much less. >> >> On the flip side, in *my* idealized Tor network, all of the relays are >> exit relays. >> >> If only 1/3 of all Tor relays are exit relays, then the diversity of >> possible exit points is much lower than if you could exit from all the >> relays. That lack of diversity would mean that it's easier for a relay >> adversary to operate or compromise relays to attack traffic, and it's >> easier for a network adversary to see more of the network than we'd like. >> >> (In an idealized Tor network, the claim about the network adversary >> might not actually be true. If you have exit relays in just the right >> locations, and capacity is infinite compared to demand, then the network >> adversary will learn the same amount whether the other relays are exit >> relays are not. But I think it is a stronger assumption to assume that we >> have exactly the right distribution of exit relay locations -- especially >> because "the right distribution" is a function of which adversary you're >> considering, and once you consider k adversaries at once, no single >> distribution will be optimal for all of them.) >> >> --Roger >> >> _______________________________________________ >> tor-dev mailing list >> [email protected] >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >> > > _______________________________________________ > tor-dev mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev > >
_______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
