Hi,

On Sun, 2013-08-04 at 01:57 -0700, m wrote:
> How is this conceptually different from a 2-node Tor network, where each ISP operates one node of the pair linking to every other ISP (so there are I^2 pairs)? Additional benefit of using Tor would be mixing and making traffic analysis harder. Threat modelling could draw on the existing research on Tor vulnerabilities.
It may be misguided, but avoiding I^2 / M:N sessions was a goal. As numbers go, it's big enough to be uncomfortable (there are ~40K ASNs). There are other differences; with something like hide-eid, the source IP isn't hidden from the destination, and vice versa. This lets SIP and FTP, for instance, work transparently over it. Also, if a peer or their ISP objects to the traffic, they know who's responsible for it, so they can take action. That last may be a disadvantage, depending on your preferences ;). My Tor node's exit IP got added to a DNSBL for being the visible peer in abusive HTTP requests within a day or so of being started up. Traditional Tor is also dog-slow by comparison; packets through hide-eid take the same network path as they ordinarily would between wrap and unwrap. I assume that a 2-node Tor network would replicate this property? I don't feel qualified to comment on scalability potential to any large degree, but it's something I've got an eye on. Hopefully, it's easier to scale this kind of limited packet futzing than it is to scale an onion router.
> Also, an ISP could easily, today, run a single-node Tor network to obscure end point locations.
Would the end-users need to run Tor as well, or does it have support for scooping up a whole network's worth of traffic, transparently? I've only gotten as far as running it, not using it...

/Nick