David Goulet wrote:
> Tor relays supporting the HS DoS defense (intro points) at this point in time
> are not in majority. Basically >= 0.4.2.1-alpha relays do support it which
> currently represents ~36% in bandwidth weight so roughly 1/3 of the network.
>
> If a service enables the defenses (like you did above), it will NOT
> specifically pick intro points supporting the defenses but will normally pick
> intro points as it did before and _if_ they happen to support the HS defenses
> (via protocol version "HSIntro=5"), then they are used. Yes, I agree, not
> ideal but there is a valid reason.
>
> This is in part to prevent partitioning onion services using the HS defenses
> to a specific set of relays (those who support it). Bottom line is: if the set
> of relays that can only be used by an onion service is reduced, attack surface
> gets bigger.
>
> As the relays in the network upgrade to the latest stables, the network naturally
> moves towards supporting these defenses in majority. This is another
> _extremely_ important reason why relay operators should stay up to date with
> their tor application so the network can be more agile in deploying defenses
> and improvements.
>
Sure - the best move to prevent onion service partitioning using this HS defense. However, there is something unclear I'd like to understand. From the manual:

**HiddenServiceEnableIntroDoSDefense** **0**|**1**::
Enable DoS defense at the intropoint level. When this is enabled, the rate and burst parameter (see below) will be sent to the intro point which will then use them to apply rate limiting for introduction request to this service. The introduction point honors the consensus parameters except if this is specifically set by the service operator using this option. The service never looks at the consensus parameters in order to enable or disable this defense. (Default: 0)

So the service hosting the HS does not look at this consensus param. Right now we do not have a consensus param for this at all, but what will happen if the directory authorities vote this consensus param as HiddenServiceEnableIntroDoSDefense 1? In this case, the introduction points will see that, and use the default values of 25 introductions per second with a burst of 200 / sec.

In this case, if a HS operator wants to _disable_ this protection totally, should he set HiddenServiceEnableIntroDoSRatePerSec 0, which according to the manual: "If this option is 0, it is considered infinite and thus if **HiddenServiceEnableIntroDoSDefense** is set, it then effectively disables the defenses."? Or should he just set HiddenServiceEnableIntroDoSDefense 0, which is already 0 by default for _services_? (this is the confusing part).
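To make the rate and burst parameters discussed above concrete, here is an added illustrative model (not Tor's code and not from either poster) of how an introduction point could apply them. It assumes token-bucket semantics: the burst is the bucket capacity, the per-second rate is the refill speed, and a rate of 0 is treated as "infinite", i.e. no limiting at all, as the quoted manual text describes. The 25/200 defaults are the values quoted in the message; the arrival timestamps are constructed for the demonstration.

```python
"""Illustrative token-bucket model of intro-point introduction rate limiting.

Added example for the tor-talk thread; NOT Tor's implementation. It models the
two torrc values discussed (HiddenServiceEnableIntroDoSRatePerSec and
HiddenServiceEnableIntroDoSBurstPerSec) as a token bucket, which is an
assumption of this example, and treats rate 0 as "infinite" (defense off).
"""

from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class IntroRateLimiter:
    """One bucket per service at an introduction point."""

    rate_per_sec: int = 25   # default quoted in the thread
    burst: int = 200         # default quoted in the thread
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        # Start full so a client burst up to `burst` is admitted immediately.
        self.tokens = float(self.burst)

    @property
    def disabled(self) -> bool:
        # Per the manual text: a rate of 0 is considered infinite, which
        # effectively disables the defense even if it is switched on.
        return self.rate_per_sec == 0

    def allow(self, now: float) -> bool:
        """Decide whether one INTRODUCE1 arriving at time `now` is relayed."""
        if self.disabled:
            return True
        elapsed = max(0.0, now - self.last)
        self.last = now
        # Refill at rate_per_sec, never above the burst capacity.
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(limiter: IntroRateLimiter, arrivals: List[float]) -> Tuple[int, int]:
    """Return (accepted, rejected) counts for a list of arrival timestamps."""
    accepted = rejected = 0
    for t in arrivals:
        if limiter.allow(t):
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected


def spread(n: int, duration: float) -> List[float]:
    """Constructed input: n requests evenly spaced over `duration` seconds."""
    return [i * duration / n for i in range(n)]


if __name__ == "__main__":
    # A flood of 1000 introductions in one second against the defaults:
    # roughly the 200-token burst plus ~25 refilled tokens get through.
    print("defaults, flood:", simulate(IntroRateLimiter(), spread(1000, 1.0)))
    # A modest 10/s stream never drains the bucket.
    print("defaults, 10/s:", simulate(IntroRateLimiter(), spread(100, 10.0)))
    # Rate 0 = infinite: everything is admitted regardless of burst.
    print("rate 0, flood:", simulate(IntroRateLimiter(rate_per_sec=0), spread(1000, 1.0)))
```

The model shows why the two knobs interact the way the manual describes: with the defaults a one-second flood is cut to a few hundred introductions, a legitimate low-rate stream is untouched, and setting the rate to 0 removes the limit entirely whatever the burst value is.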
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk