On 5/26/15, Donncha O'Cearbhaill <[email protected]> wrote:
> ...
> I am interested in hearing from all existing hidden service operators.

speaking for two,

> In particular I'd like to understand the use-cases,

- file distribution
- "web services", etherpad, ethersheet, webdav
- XMPP
- IRC
- overlay network (tun/tap)

> priorities

file distribution and chat.

> limitations

fragility; zooko's triangle. (see also namecoin and onion name service experiments for bootstrap)

> There have been anecdotal reports on the Tor
> bug tracker that hidden services have trouble scaling to more than 100
> concurrent connections [2]. Is this something that operators here have
> experienced?

it would be nice to speak of hidden service establishment rates across distinct number of onions, rather than a simple frequency counter. specifically, high establishment rates over many onions is the most performance intensive use case unless under attack of any myriad sort...

conversely, if in a constrained environment like old computer or small device, using only a couple onions, for light traffic is advised.

> There has also been recent DoS campaigns affecting Tor
> hidden services which have been challenging to mitigate.

one word: blowback.

[ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]

> In my project I hope to produce a tool which will allow a hidden service
> to be backed by multiple Tor instances which can be spread across
> multiple servers and geographical locations.

in the 50G mirror experiment, even while under volatile network conditions, this technique - using many concurrently active onions - worked well and kept throughput and availability consistently robust.

bigsun dist uses 9 onions across three physical hosts, for reference.

> - Redundant hidden service hosting with no single point of failure.

#1 useful.

> - Secure storage of hidden service keys away from the Tor service on
> smartcards or HSM's

#2 useful.

> - From a security perspective, would you prefer to minimize the
> software running on the onion service instance servers or minimize
> connections to the management server which has access to the service keys?

both, #3 useful.

> If anyone has time to share, I'd be very interested in learning about
> your experiences and current challenges. I'd also be delighted to hear
> about any other features that may be useful to the HS community.

this should be a trac, wiki, or doc? :P

best regards,
