> because "the right distribution" is a function of which adversary you're
> considering, and once you consider k adversaries at once, no single
> distribution will be optimal for all of them.)

Granted. But since we're speaking idealizations, I say take the expected value over the distributions, weighted by the probability of each adversary. In application this would be a distribution that, although unlikely to be optimal against any specific adversary, has robust hardness across a wide variety of adversaries.

Or, if that distribution is unclear, pick the distribution of exit relays with the highest minimum hardness. This reminds me of the average-entropy vs min-entropy question for quantifying anonymity.

I'd be content with either solution, and in regards to Roster I'm not sure the difference will matter much. I am simply asking the more knowledgeable for their opinion and recommendation. Is there one?

-V

On Wed, Sep 23, 2015 at 2:47 PM Roger Dingledine <a...@mit.edu> wrote:

> On Wed, Sep 23, 2015 at 06:26:47AM +0000, Yawning Angel wrote:
> > On Wed, 23 Sep 2015 06:18:58 +0000
> > Virgil Griffith <i...@virgil.gr> wrote:
> > > * Would the number of exit nodes constitute exactly 1/3 of all Tor
> > > nodes? Would the total exit node bandwidth constitute 1/3 of all Tor
> > > bandwidth?
> >
> > No. There needs to be more interior bandwidth than externally facing
> > bandwidth since not all Tor traffic traverses through an Exit
> > (Directory queries, anything to do with HSes).
> >
> > The total Exit bandwidth required is always <= the total amount of Guard
> > + Bridge bandwidth, but I do not have HS utilization or Directory query
> > overhead figures to give an accurate representation of how much less.
>
> On the flip side, in *my* idealized Tor network, all of the relays are
> exit relays.
>
> If only 1/3 of all Tor relays are exit relays, then the diversity of
> possible exit points is much lower than if you could exit from all the
> relays. That lack of diversity would mean that it's easier for a relay
> adversary to operate or compromise relays to attack traffic, and it's
> easier for a network adversary to see more of the network than we'd like.
>
> (In an idealized Tor network, the claim about the network adversary
> might not actually be true. If you have exit relays in just the right
> locations, and capacity is infinite compared to demand, then the network
> adversary will learn the same amount whether the other relays are exit
> relays or not. But I think it is a stronger assumption to assume that we
> have exactly the right distribution of exit relay locations -- especially
> because "the right distribution" is a function of which adversary you're
> considering, and once you consider k adversaries at once, no single
> distribution will be optimal for all of them.)
>
> --Roger
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
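
The two selection rules discussed in this thread (probability-weighted expected hardness versus highest minimum hardness), as an added example that is not part of the original messages or of any Tor or Roster code. The locations, adversaries, priors and candidate distributions are constructed, "hardness" is assumed to mean the fraction of exit traffic an adversary does not observe, and the search is narrowed to a fixed candidate set rather than all possible distributions.

```python
# Constructed toy model: every name, prior and share below is illustrative.
ADVERSARIES = {  # name -> (prior probability, exit locations it observes)
    "adv1": (0.6, {"A"}),
    "adv2": (0.3, {"B"}),
    "adv3": (0.1, {"C", "D"}),
}
CANDIDATES = {  # name -> share of exit traffic per location (each sums to 1)
    "uniform":  {"A": 0.25, "B": 0.25, "C": 0.25, "D": 0.25},
    "avoid_A":  {"A": 0.0,  "B": 0.4,  "C": 0.3,  "D": 0.3},
    "avoid_B":  {"A": 0.4,  "B": 0.0,  "C": 0.3,  "D": 0.3},
    "avoid_CD": {"A": 0.5,  "B": 0.5,  "C": 0.0,  "D": 0.0},
    "balanced": {"A": 0.3,  "B": 0.3,  "C": 0.2,  "D": 0.2},
}

def hardness(dist, observed):
    """Assumed metric: fraction of exit traffic the adversary does NOT see."""
    return 1.0 - sum(share for loc, share in dist.items() if loc in observed)

def expected_hardness(dist):
    """Hardness averaged over adversaries, weighted by their prior."""
    return sum(p * hardness(dist, obs) for p, obs in ADVERSARIES.values())

def min_hardness(dist):
    """Hardness against the worst-case adversary for this distribution."""
    return min(hardness(dist, obs) for _, obs in ADVERSARIES.values())

def best_by(score):
    """Name of the candidate distribution that maximises the given score."""
    return max(CANDIDATES, key=lambda name: score(CANDIDATES[name]))

def best_against(adv):
    """Candidate that is optimal when only one adversary is considered."""
    _, observed = ADVERSARIES[adv]
    return best_by(lambda dist: hardness(dist, observed))

if __name__ == "__main__":
    # Each adversary has a different optimum, so no candidate wins for all k.
    for adv in ADVERSARIES:
        print(f"optimal vs {adv}: {best_against(adv)}")
    for label, score in (("expected", expected_hardness), ("maximin", min_hardness)):
        name = best_by(score)
        print(f"{label}: {name} (score {score(CANDIDATES[name]):.2f})")
```

In this constructed case the expected-value rule picks a distribution that is weakest against the least likely adversary, while the maximin rule picks one that is optimal against none of them.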