Questions for an expert on hidden services
(Note: it's probably best to start a separate reply thread for each question (or set of related questions), or we'll become totally lost.)
We (Arti folks) have a number of questions that we would like an expert on onion services to have an opinion about. They're all about what the client behaviour should be:
- How long should an HS client circuit that is not currently being used be retained?
- After having received INTRODUCE_ACK, is it OK to tear down the introduction circuit immediately, or should we wait for rendezvous completion?
- HS descriptor downloading: currently, for each HS, Arti tries one hsdir at a time. How important is it to parallelise these attempts?
- Introduction/rendezvous: currently, Arti tries one introduction point at a time. Again, how important is it to parallelise these attempts?
- Rendezvous circuit construction: currently Arti tries to maintain a pool of circuits ready for use as rendezvous, but if many HS connections are made at once, that pool will become depleted. Then, Arti would serialise building a new rendezvous circuit with the building of the introduction circuit. How much does this matter?
- Arti currently serialises (i) the RENDEZVOUS exchange with (ii) building the introduction circuit and sending INTRODUCE1, even though in principle they could be parallelised. Does this matter?
- Descriptor lifetime: revision numbers vs expiry times. Currently, once Arti has successfully obtained an HS descriptor, it retains it until it has expired according to its declared lifetime. After its declared lifetime, Arti will unconditionally discard it (and attempt to obtain a new descriptor). Arti ignores the revision counter. Is this right? Should rendezvous failures prompt descriptor re-download? When?
- We have a number of timeouts and retry counters which we're not sure we have the right values for:
use std::time::Duration;

// For descriptor downloading
// TODO HS are these right? make configurable? get from netdir?
// TODO HS should we even have MAX_TOTAL_ATTEMPTS or should we just try each one once?
/// Maximum number of hsdir connection and retrieval attempts we'll make
const MAX_TOTAL_ATTEMPTS: usize = 6;
/// Limit on the duration of each retrieval attempt
const EACH_TIMEOUT: Duration = Duration::from_secs(10);

// For introduction and rendezvous (a separate module; its MAX_TOTAL_ATTEMPTS is distinct from the one above)
// TODO HS are these right? make configurable? get from netdir?
// TODO HS should we even have this or should we just try each one once?
/// Maximum number of rendezvous/introduction attempts we'll make
const MAX_TOTAL_ATTEMPTS: usize = 6;
/// Limit on the duration of each attempt to establish a rendezvous point
const REND_TIMEOUT: Duration = Duration::from_secs(10);
/// Limit on the duration of each attempt to negotiate with an introduction point
const INTRO_TIMEOUT: Duration = Duration::from_secs(10);
/// Limit on the duration of each attempt for activities involving both RPT and IPT
const RPT_IPT_TIMEOUT: Duration = Duration::from_secs(10);
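To make the "one hsdir at a time" vs "parallelise" question concrete, here is an added simulation (not Arti code) of how the MAX_TOTAL_ATTEMPTS and EACH_TIMEOUT limits above bound descriptor-fetch latency under each strategy. The `Attempt` outcomes, `Outcome` struct and the `sequential`/`parallel` functions are constructed for this example; the hsdir responses fed to them are made up.

```rust
use std::time::Duration;

/// Same limits as the constants quoted in the question.
const MAX_TOTAL_ATTEMPTS: usize = 6;
const EACH_TIMEOUT: Duration = Duration::from_secs(10);

/// Constructed outcome of one attempt against one hsdir: an answer or a
/// definite failure after the given time, or a hang that never answers.
#[derive(Clone, Copy, Debug)]
enum Attempt { Success(Duration), Failure(Duration), Hang }

#[derive(Debug, PartialEq)]
struct Outcome { winner: Option<usize>, attempts: usize, elapsed: Duration }

/// Time one attempt occupies the client before it answers or is abandoned.
fn cost(a: Attempt) -> Duration {
    match a {
        Attempt::Success(d) | Attempt::Failure(d) => d.min(EACH_TIMEOUT),
        Attempt::Hang => EACH_TIMEOUT,
    }
}

/// Current behaviour: one hsdir at a time, stop at the first success or after MAX_TOTAL_ATTEMPTS.
fn sequential(hsdirs: &[Attempt]) -> Outcome {
    let mut elapsed = Duration::ZERO;
    let mut attempts = 0;
    for (i, &a) in hsdirs.iter().enumerate().take(MAX_TOTAL_ATTEMPTS) {
        attempts += 1;
        elapsed += cost(a);
        if matches!(a, Attempt::Success(d) if d <= EACH_TIMEOUT) {
            return Outcome { winner: Some(i), attempts, elapsed };
        }
    }
    Outcome { winner: None, attempts, elapsed }
}

/// Alternative: the same hsdirs queried concurrently; latency is the fastest
/// answer, or the slowest failure/timeout when nothing answers within the limit.
fn parallel(hsdirs: &[Attempt]) -> Outcome {
    let tried = &hsdirs[..hsdirs.len().min(MAX_TOTAL_ATTEMPTS)];
    let winner = tried.iter().enumerate()
        .filter_map(|(i, &a)| match a { Attempt::Success(d) if d <= EACH_TIMEOUT => Some((i, d)), _ => None })
        .min_by_key(|&(_, d)| d);
    let elapsed = match winner {
        Some((_, d)) => d,
        None => tried.iter().map(|&a| cost(a)).max().unwrap_or(Duration::ZERO),
    };
    Outcome { winner: winner.map(|(i, _)| i), attempts: tried.len(), elapsed }
}

/// Upper bound on how long a sequential descriptor fetch can stall a connection.
fn worst_case() -> Duration { EACH_TIMEOUT * MAX_TOTAL_ATTEMPTS as u32 }

fn main() { println!("sequential worst case: {:?}", worst_case()); }
```

With the current constants a client that hits six unresponsive hsdirs in a row waits a full minute before giving up, whereas the parallel variant is bounded by a single EACH_TIMEOUT.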
CC @dgoulet