Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T14:50:11Zhttps://gitlab.torproject.org/legacy/trac/-/issues/5460Write proposal(s) to implement improved relay/circuit crypto authentication2020-06-13T14:50:11ZMike PerryWrite proposal(s) to implement improved relay/circuit crypto authenticationWe need to write a proposal to determine the best way to provide authentication to our circuit crypto, so that cells that have been tagged/tampered with/duplicated cause circuit failure at the 2nd hop, not the third.
As I understand it...We need to write a proposal to determine the best way to provide authentication to our circuit crypto, so that cells that have been tagged/tampered with/duplicated cause circuit failure at the 2nd hop, not the third.
As I understand it, there are two competing possibilities:
1. Self-authenticating crypto (BEAR/LION/LIONESS, others?)
2. Per-hop MAC
The main disadvantage of 1 is that it's likely slow and not very many people use it. The disadvantage of 2 is that it requires us to disclose path length count and position to nodes, as well as have MACs that either grow with increased path length, or become less secure with increased path length.
There are probably other issues. I believe the current plan is to produce both options in one or more proposals and compare and contrast them.Tor: 0.2.8.x-finalNick MathewsonNick Mathewsonhttps://gitlab.torproject.org/legacy/trac/-/issues/4483If k of n authorities are down, k/n bootstrapping clients are delayed for min...2020-06-13T14:56:19ZRoger DingledineIf k of n authorities are down, k/n bootstrapping clients are delayed for minutesWhen an authority is down, a client bootstrapping into the network might pick it to learn the consensus, and then have to wait until that attempt times out.
We should try to improve the robustness of the authorities. Fine, but easier sa...When an authority is down, a client bootstrapping into the network might pick it to learn the consensus, and then have to wait until that attempt times out.
We should try to improve the robustness of the authorities. Fine, but easier said than done.
At the same time, we should explore letting clients time out more quickly during critical-path directory requests.
We should make sure not to screw it up for clients that are on genuinely slow and high-latency connections. The goal is to improve time-to-bootstrap for the average case while not harming it (much) for the already bad cases.Tor: 0.2.8.x-finalteorteor