diff options
| author | Roger Dingledine <arma@torproject.org> | 2005-02-08 10:46:55 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2005-02-08 10:46:55 +0000 |
| commit | 8abf1c61886403c25c05d9da99b909f5bdbf363d (patch) | |
| tree | feea612ee9418d9856c8724ec767925832c2ca71 /doc/design-paper/challenges.tex | |
| parent | 494d475d1e7808eeaf6291dd2da0682418d2ee1d (diff) | |
| download | tor-8abf1c61886403c25c05d9da99b909f5bdbf363d.tar tor-8abf1c61886403c25c05d9da99b909f5bdbf363d.tar.gz | |
a few more tweaks
svn:r3584
Diffstat (limited to 'doc/design-paper/challenges.tex')
| -rw-r--r-- | doc/design-paper/challenges.tex | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/doc/design-paper/challenges.tex b/doc/design-paper/challenges.tex index 73b006f12..ce906fe83 100644 --- a/doc/design-paper/challenges.tex +++ b/doc/design-paper/challenges.tex @@ -794,11 +794,6 @@ time. %continued use of identification by IP number as long as there is no %workable alternative. -%Fortunately, our modular design separates -%routing from node discovery; so we could implement Morphmix in Tor just -%by implementing the Morphmix-specific node discovery and path selection -%pieces. - %[XXX Mention correct DNS-RBL implementation. -NM] \section{Design choices} @@ -942,14 +937,14 @@ order). Using randomized path lengths may help some, since the attacker will never be certain he has identified all nodes in the path, but as long as the network remains small this attack will still be feasible. -Helper nodes also help Tor clients, because choosing entry and exit points +Helper nodes also aim to help Tor clients, because choosing entry and exit points randomly and changing them frequently allows an attacker who controls even a few nodes to eventually link some of their destinations. The goal is to take the risk once and for all about choosing a bad entry node, rather than taking a new risk for each new circuit. (Choosing fixed exit nodes is less useful, since even an honest exit node still doesn't protect against a hostile website.) But obstacles still remain before -we can implement helper nodes. +we can implement them. For one, the literature does not describe how to choose helpers from a list of nodes that changes over time. If Alice is forced to choose a new entry helper every $d$ days and $c$ of the $n$ nodes are bad, she can expect @@ -1325,7 +1320,7 @@ much traffic they have been able to transfer recently) and include this information in the descriptors they upload to the directory. Clients choose servers weighted by their bandwidth, neglecting really slow servers and capping the influence of really fast ones. - +% This is, of course, eminently cheatable. A malicious node can get a disproportionate amount of traffic simply by claiming to have more bandwidth than it does. But better mechanisms have their problems. If bandwidth data |