On 1/16/20 5:01 PM, proc...@riseup.net wrote: > > Hi. We are rolling out the vanguard plugin for our users and wanted to > understand some options we can enable. > > * In many parts of the Security README setting *circ_max_megabytes* is > recommended. Though it is discouraged for usecases involving Onionshare > and Securedrop which we support. What is a reasonable limit to set? What > happens is the max ceiling gets hit? Does it permanently disrupt the > upload/download?
Setting circ_max_megabytes means that no circuit can be used to transmit more than that many megabytes. As soon as that limit is hit, the circuit will be force-closed. I do not recommend using this option in your case, as you cannot anticipate the max file size that a securedrop or onionshare user may use, and the failure more here is non-obvious (their upload/download will just fail). > * "High load onion services may consider using 4 layer2 guards by > changing the *num_layer2_guards* option in the configuration file > <https://github.com/mikeperry-tor/vanguards/blob/master/vanguards-example.conf>, > but going beyond that is not recommended." > Does this benefit clients too? We would like to enable options that > mimic the configuration used by actual high load onion services to > provide them with more cover. Using more layer2 guards will not improve client performance. I recommend staying with the defaults, as they are backed by asn's analysis. Any other choice would be arbitrary or specific to a custom circumstance, and thus provide less cover. -- Mike Perry
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
