On Sat, Jun 30, 2012 at 07:03:19PM +0200, Fabian Keil wrote:
Nick Mathewson nickm@freehaven.net wrote:
IMPLEMENTED IN 0.2.3.x
174 Optimistic Data for Tor: Server Side
181 Optimistic Data for Tor: Client Side
This one is a performance hack that hasn't seen its full impact yet. Starting with Tor 0.2.3.x, clients MAY send data to the exit node before finding out whether the exit has been able to successfully connect to the destination server. Previously, it took an extra round trip for clients to wait to see whether the exit said "Yes, I'm connected" before they were allowed to send data for the exit. This should make connection startup faster in many protocols where the client speaks first (http, https), as more and more client programs gain support for it.
Is optimistically sending data for non-testing purposes recommended?
The "Security implications" in 181 seem to imply that it isn't, but the man page doesn't mention any risks. Is that because they are considered obvious, or simply an oversight?
The issue is that an exit node that supports optimistic data can tell when a client is using that feature. So if only a handful of clients have upgraded to a TBB that supports it (none does at this time), they'll stand out. That's why the default is "use the consensus value", which is currently off. The consensus value can be turned on later, when "enough" people can support it.
circuituse.c:
/** Return true iff client-side optimistic data is supported. */
static int
optimistic_data_enabled(void)
{
  const or_options_t *options = get_options();
  if (options->OptimisticData < 0) {
    /* XXX023 consider having auto default to 1 rather than 0 before
     * the 0.2.3 branch goes stable. See bug 3617. -RD */
    const int32_t enabled =
      networkstatus_get_param(NULL, "UseOptimisticData", 0, 0, 1);
    return (int)enabled;
  }
  return options->OptimisticData;
}
- Ian
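
The effect described in the message above, as an added example that is not part of the original e-mail or of Tor's source: it models the auto/override decision and counts how many clients in a constructed population behave differently from the majority, which is what an exit can observe. `consensus_param`, `resolve_optimistic` and `count_minority` are hypothetical names, and the clamping helper is a stand-in assumed to mirror the default/min/max arguments seen in the quoted call.

```c
#include <stdio.h>
#include <stdint.h>

/* Stand-in for the consensus parameter lookup (hypothetical helper, not
 * Tor's networkstatus_get_param): use the default when the parameter is
 * absent, otherwise clamp the published value to [min, max]. */
static int32_t consensus_param(const int32_t *published, int32_t dflt,
                               int32_t min, int32_t max)
{
  int32_t v = published ? *published : dflt;
  if (v < min) v = min;
  if (v > max) v = max;
  return v;
}

/* Same decision as the quoted optimistic_data_enabled(): a negative option
 * means "auto" (follow the consensus); 0 or 1 is an explicit local override. */
static int resolve_optimistic(int option, const int32_t *published)
{
  if (option < 0)
    return (int)consensus_param(published, 0, 0, 1);
  return option;
}

/* Count clients whose resulting behaviour differs from the majority of the
 * population: those are the ones that stand out to an exit. */
static int count_minority(const int *options, int n, const int32_t *published)
{
  int on = 0;
  for (int i = 0; i < n; i++)
    on += resolve_optimistic(options[i], published);
  return on < n - on ? on : n - on;
}

int main(void)
{
  /* Constructed sample: eight clients on auto, two that forced the option on. */
  const int clients[10] = { -1, -1, -1, -1, -1, -1, -1, -1, 1, 1 };
  const int32_t off = 0, on = 1;
  printf("param absent: %d stand out\n", count_minority(clients, 10, NULL));
  printf("consensus 0:  %d stand out\n", count_minority(clients, 10, &off));
  printf("consensus 1:  %d stand out\n", count_minority(clients, 10, &on));
  return 0;
}
```

With the consensus value off, only the two overriding clients differ from the rest; once the consensus value is turned on, every auto client switches together and nobody in this sample is distinguishable.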