diff options
author | David Goulet <dgoulet@torproject.org> | 2024-04-16 15:17:25 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2024-04-16 15:17:25 +0000 |
commit | db46703c96a3375d83b2077c8c58579077bb8458 (patch) | |
tree | b80972edfae72558c41576a3d3cafd6db3cc65e4 | |
parent | cf339e7ec3ce89c783c0f0801d5bf09bbcbf1da6 (diff) | |
parent | 04d4f87b7705b50c6b1c7d658b4cbf048276ef05 (diff) | |
download | torspec-db46703c96a3375d83b2077c8c58579077bb8458.tar.gz torspec-db46703c96a3375d83b2077c8c58579077bb8458.zip |
Merge branch '340-data-frag' into 'main'
prop340: Expand on why we don't allow DATA fragmentation
See merge request tpo/core/torspec!264
-rw-r--r-- | proposals/340-packed-and-fragmented.md | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/proposals/340-packed-and-fragmented.md b/proposals/340-packed-and-fragmented.md index 2407f99..8586349 100644 --- a/proposals/340-packed-and-fragmented.md +++ b/proposals/340-packed-and-fragmented.md @@ -269,8 +269,23 @@ conflux bundle. ### An exception for `DATA`. -Data messages may not be fragmented. (There is never a reason to do -this.) +Data messages may not be fragmented. When packing data into a cell containing +other messages is desired, the application can instead construct a DATA message +of an appropriate size to fit into the remaining space. + +While relaxing this could simplify the implementation of opportunistic packing +somewhat (by allowing code that constructs `DATA` messages not to have to know +about packing or fragmentation), doing so would have several downsides. + +First, on the receiver side a naive implementation that receives the first cell +of a fragmented `DATA` message would not be able to pass the data in that +fragment on to the application until the remaining cells of that message are +received. An optimized implementation might choose to do so, but that +complexity seems worse than the complexity we'd be avoiding by allowing `DATA` +fragmentation in the first place. + +Second, as with any sort of flexibility permitted to implementations, allowing +flexibility here adds opportunities for fingerprinting and covert channels. ### Extending message-length maxima |