On Mon, May 28, 2018 at 01:10:21PM +0300, George Kadianakis wrote: > 2.2. Path restriction changes > > In order to avoid information leaks and ensure paths can be built, path > restrictions must be loosened. > > In particular, we allow the following: > 1. Nodes from the same /16 and same family for any/all hops > 2. Guard nodes can be chosen for RP/IP/HSDIR > 3. Guard nodes can be chosen for hop before RP/IP/HSDIR. > > The first change prevents the situation where paths cannot be built if two > layers all share the same subnet and/or node family. It also prevents the > the use of a different entry guard based on the family or subnet of the > IP, HSDIR, or RP. > > The second change prevents an adversary from forcing the use of a different > entry guard by enumerating all guard-flaged nodes as the RP. > > The third change prevents an adversary from learning the guard node by way > of noticing which nodes were not chosen for the hop before it.
To be clear, you are proposing removing these path restrictions for which circuits? All? All HS-related? All HS-related, but only if the new options are turned on? -- Ian Goldberg Professor and University Research Chair Cheriton School of Computer Science University of Waterloo _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev