Internet-Draft | Towards a CAP Theorem for Censorship Cir | November 2023
Myers | Expires 29 May 2024
This Internet-Draft is a submission to the IAB Workshop on Barriers to Internet Access of Services [biasws].
This note is to be removed before publishing as an RFC.
Status information for this document may be found at https://datatracker.ietf.org/doc/draft-cfm-circumvention-cap-theorem/.
Source for this draft and an issue tracker can be found at https://github.com/cfm/draft-cfm-circumvention-cap-thorem.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 29 May 2024.
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Between June 2022 and April 2023 [tor-status], the Tor network was the target of a sustained distributed denial-of-service (DDoS) attack, apparently targeting the relays and directory servers that coordinate introductions to Tor hidden services [tor-relays-2022-07] [tor-relays-2022-10]. This attack impeded the performance and threatened the security of the Tor network for all users. It especially obstructed Web sites and services that had gone out of their way to be accessible to Tor users via Tor hidden services, which usually improve the performance of the Tor network by bypassing the "exit nodes" that interface with the clearnet Internet.
Although the origins and motivations of this attack remain unknown, it is a useful case study in the D/DoS vulnerability of overlay networks such as Tor, which users may seek out to protect their anonymity, circumvent censorship, or both. The CAP theorem [cap-theorem] is instructive: like a database, a censorship-circumvention system is useful to the extent that it is:
consistent: returns accurate and current data;
available: returns data at all; and
partition-tolerant: routes around failures, which by definition include active censorship. In this case, they also include active attacks on circumvention infrastructure that lessen its overall availability, whether or not intended as an act of censorship.
For the workshop, I propose to explore further whether formalisms such as the CAP theorem are useful models and/or measures for the utility and resilience of a censorship-circumvention system such as Tor.