diff options
Diffstat (limited to 'spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md')
-rw-r--r-- | spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md b/spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md index 1191efc..c7ff50c 100644 --- a/spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md +++ b/spec/path-spec/detecting-route-manipulation-by-guard-nodes-path.md @@ -1,4 +1,5 @@ <a id="path-spec.txt-7"></a> + # Detecting route manipulation by Guard nodes (Path Bias) The Path Bias defense is designed to defend against a type of route @@ -33,6 +34,7 @@ restrict the defense to being informational only at this stage (see section 7.5). <a id="path-spec.txt-7.1"></a> + ## Measuring path construction success rates Clients maintain two counts for each of their guards: a count of the @@ -49,6 +51,7 @@ If a circuit closes prematurely after construction but before being requested to close by the client, this is counted as a failure. <a id="path-spec.txt-7.2"></a> + ## Measuring path usage success rates Clients maintain two usage counts for each of their guards: a count @@ -84,6 +87,7 @@ Prematurely closed circuits are not probed, and are counted as usage failures. <a id="path-spec.txt-7.3"></a> + ## Scaling success counts To provide a moving average of recent Guard activity while @@ -99,6 +103,7 @@ currently open circuits are subtracted from the usage counts before scaling, and added back after scaling. <a id="path-spec.txt-7.4"></a> + ## Parametrization The following consensus parameters tune various aspects of the @@ -183,6 +188,7 @@ defense. ``` <a id="path-spec.txt-7.5"></a> + ## Known barriers to enforcement Due to intermittent CPU overload at relays, the normal rate of @@ -190,4 +196,3 @@ successful circuit completion is highly variable. The Guard-dropping version of the defense is unlikely to be deployed until the ntor circuit handshake is enabled, or the nature of CPU overload induced failure is better understood. - |