In-Reply-To: <55643E87.4070108@donncha.is>
References: <55643E87.4070108@donncha.is>
Date: Tue, 26 May 2015 12:41:07 -0700
Message-ID: <CAJVRA1S4bHE8+0hKUj-jL+G0_Pa=LJxAdz3+=QRFCuoZZDQtSw@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Hidden Service Scaling Summer of Privacy Project

On 5/26/15, Donncha O'Cearbhaill <donncha@donncha.is> wrote:
> ...
> I am interested in hearing from all existing hidden service operators.

speaking for two,



> In particular I'd like to understand the use-cases,

- file distribution
- "web services", etherpad, ethersheet, webdav
- XMPP
- IRC
- overlay network (tun/tap)



> priorities

file distribution and chat.



> limitations

fragility; zooko's triangle. (see also namecoin and onion name service
experiments for bootstrap)



> There have been anecdotal reports on the Tor
> bug tracker that hidden services have trouble scaling to more than 100
> concurrent connections [2]. Is this something that operators here have
> experienced?

it would be nice to speak of hidden service establishment rates across
distinct number of onions, rather than a simple frequency counter.
specifically, high establishment rates over many onions is the most
performance intensive use case unless under attack of any myriad
sort...

conversely, if in a constrained environment like old computer or small
device, using only a couple onions, for light traffic is advised.



> There have also been recent DoS campaigns affecting Tor
> hidden services which have been challenging to mitigate.

one word: blowback.
 [ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]



> In my project I hope to produce a tool which will allow a hidden service
> to be backed by multiple Tor instances which can be spread across
> multiple servers and geographical locations.

in the 50G mirror experiment, even while under volatile network
conditions, this technique - using many concurrently active onions -
worked well and kept throughput and availability consistently robust.
bigsun dist uses 9 onions across three physical hosts, for reference.



>  - Redundant hidden service hosting with no single point of failure.

#1 useful.




>  - Secure storage of hidden service keys away from the Tor service on
>    smartcards or HSMs

#2 useful.



>  - From a security perspective, would you prefer to minimize the
> software running on the onion service instance servers or minimize
> connections to the management server which has access to the service keys?

both, #3 useful.



> If anyone has time to share, I'd be very interested in learning about
> your experiences and current challenges. I'd also be delighted to hear
> about any other features that may be useful to the HS community.

this should be a trac, wiki, or doc? :P


best regards,

