mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-19 04:57:54 +00:00
Improved section on performance and security issues
parent
24beb033d6
commit
21013284c9
@ -298,12 +298,12 @@ complete configuration for server use-case 2 would look like::
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Performance and security issues with Tor Hidden Services
|
Performance and security issues
|
||||||
========================================================
|
===============================
|
||||||
|
|
||||||
If you are running a server which does not itself need to be
|
If you are running a server which does not itself need to be
|
||||||
anonymous, should you make it reachable as a Tor Hidden Service or
|
anonymous, should you make it reachable via an anonymizing network or
|
||||||
not? Or should you make it reachable *both* as a Tor Hidden Service
|
not? Or should you make it reachable *both* via an anonymizing network
|
||||||
and as a publicly traceable TCP/IP server?
|
and as a publicly traceable TCP/IP server?
|
||||||
|
|
||||||
There are several trade-offs effected by this decision.
|
There are several trade-offs effected by this decision.
|
||||||
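Review bot: The retitled heading "Performance and security issues" changes the section's implicit reStructuredText link target, so any reference elsewhere in the docs to "Performance and security issues with Tor Hidden Services" will stop resolving. Check for links to the old title, or add an explicit target label above the heading so existing references keep working. The body text now says "an anonymizing network" while the later sections name Tor and I2P explicitly; naming both here on first use would keep the terms consistent.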
@ -311,18 +311,16 @@ There are several trade-offs effected by this decision.
|
|||||||
NAT/Firewall penetration
|
NAT/Firewall penetration
|
||||||
------------------------
|
------------------------
|
||||||
|
|
||||||
Making a server be reachable as a Tor Hidden Service makes it
|
Making a server be reachable via Tor or I2P makes it reachable even if there
|
||||||
reachable even if there are NATs or firewalls preventing direct TCP/IP
|
are NATs or firewalls preventing direct TCP/IP connections to the server.
|
||||||
connections to the server.
|
|
||||||
|
|
||||||
Anonymity
|
Anonymity
|
||||||
---------
|
---------
|
||||||
|
|
||||||
Making a Tahoe-LAFS server accessible *only* via Tor Hidden Services
|
Making a Tahoe-LAFS server accessible *only* via Tor or I2P can be used to
|
||||||
can be used to guarantee that the Tahoe-LAFS clients use Tor to
|
guarantee that the Tahoe-LAFS clients use Tor or I2P to connect. This prevents
|
||||||
connect. This prevents misconfigured clients from accidentally
|
misconfigured clients from accidentally de-anonymizing themselves by connecting
|
||||||
de-anonymizing themselves by connecting to your server through the
|
to your server through the traceable Internet.
|
||||||
traceable Internet.
|
|
||||||
|
|
||||||
Also, interaction, through Tor, with a Tor Hidden Service may be more
|
Also, interaction, through Tor, with a Tor Hidden Service may be more
|
||||||
protected from network traffic analysis than interaction, through Tor,
|
protected from network traffic analysis than interaction, through Tor,
|
||||||
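Review bot: The new wording "reachable via Tor or I2P" and "accessible *only* via Tor or I2P" drops the "Hidden Service" qualifier that both claims depend on. A publicly traceable server can also be reached through Tor (the Performance section in this same commit says so), and that case neither gets past a NAT or firewall nor guarantees that clients connect anonymously. Suggest "as a Tor Hidden Service or I2P server", matching the phrasing used in the Performance hunk. The unchanged paragraph starting "Also, interaction, through Tor, with a Tor Hidden Service" is still Tor-only; either state that it does not apply to I2P or add the I2P equivalent.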
@ -334,13 +332,12 @@ If so we need to link to it. If not, then maybe we should explain more here why
|
|||||||
Performance
|
Performance
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
A client connecting to a Tahoe-LAFS server through Tor incurs
|
A client connecting to a publicly traceable Tahoe-LAFS server through Tor incurs
|
||||||
substantially higher latency and sometimes worse throughput than the
|
substantially higher latency and sometimes worse throughput than the same client
|
||||||
same client connecting to the same server over a normal traceable
|
connecting to the same server over a normal traceable TCP/IP connection.
|
||||||
TCP/IP connection.
|
|
||||||
|
|
||||||
A client connecting to a Tahoe-LAFS server which is a Tor Hidden
|
A client connecting to a Tahoe-LAFS server which is a Tor Hidden Service or I2P
|
||||||
Service incurs much more latency and probably worse throughput.
|
server incurs much more latency and probably worse throughput.
|
||||||
|
|
||||||
Positive and negative effects on other Tor users
|
Positive and negative effects on other Tor users
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
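Review bot: In the second Performance paragraph, "incurs much more latency and probably worse throughput" has no stated baseline, and the commit now applies it to I2P as well as Tor Hidden Services. Say what it is compared against (presumably the Tor-to-public-server case in the paragraph above), and confirm the comparison holds for I2P rather than inheriting it from the Tor sentence. The first paragraph gained "publicly traceable", which is a useful clarification, but it leaves no statement for a client reaching a public server through I2P; say whether that case is supported.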
@ -360,12 +357,25 @@ Both of these effects are doubled if you upload or download files to a
|
|||||||
Tor Hidden Service, as compared to if you upload or download files
|
Tor Hidden Service, as compared to if you upload or download files
|
||||||
over Tor to a publicly traceable TCP/IP server.
|
over Tor to a publicly traceable TCP/IP server.
|
||||||
|
|
||||||
|
Positive and negative effects on other I2P users
|
||||||
|
------------------------------------------------
|
||||||
|
|
||||||
|
Sending your Tahoe-LAFS traffic over I2P adds cover traffic for other I2P users
|
||||||
|
who are also transmitting data. So that is good for them -- increasing their
|
||||||
|
anonymity. It will not directly impair the performance of other I2P users'
|
||||||
|
interactive sessions, because the I2P network has several congestion control and
|
||||||
|
quality-of-service features, such as prioritizing smaller packets.
|
||||||
|
|
||||||
Performance and security issues with I2P
|
However, if many users are sending Tahoe-LAFS traffic over I2P, and do not have
|
||||||
========================================
|
their I2P routers configured to participate in much traffic, then the I2P
|
||||||
|
network as a whole will suffer degradation. Each Tahoe-LAFS router using I2P has
|
||||||
|
their own anonymizing tunnels that their data is sent through. On average, one
|
||||||
|
Tahoe-LAFS node requires 12 other I2P routers to participate in their tunnels.
|
||||||
|
|
||||||
TBC
|
It is therefore important that your I2P router is sharing bandwidth with other
|
||||||
|
routers, so that you can give back as you use I2P. This will never impair the
|
||||||
|
performance of your Tahoe-LAFS node, because your I2P router will always
|
||||||
|
prioritize your own traffic.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
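Review bot: The new I2P section states "On average, one Tahoe-LAFS node requires 12 other I2P routers" with no derivation or reference, and "This will never impair the performance of your Tahoe-LAFS node" together with "will always prioritize your own traffic" are absolute claims that a reader may rely on when sizing shared bandwidth. Show how the figure 12 is reached (tunnel count and length) or link to the I2P documentation, and soften or source the absolutes. "Each Tahoe-LAFS router using I2P" should read "Each Tahoe-LAFS node using I2P", since the next sentence uses "node" for Tahoe-LAFS and "router" for I2P. The commit also drops the "Performance and security issues with I2P ... TBC" placeholder, so the only I2P material left is about effects on other users; I2P-specific security considerations for the operator are not covered.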