Tor: The Second-Generation Onion Router


### Rating (1--4):
+ 3: Weak Accept -- This paper may have flaws, but I would not argue against it at a major conference

### What did this paper do well?

+ Presented a very portable implementation of the Onion protocol, a great contribution!
+ Very structured, easy-to-understand writing
+ Very self-critical of its own Tor design; the reasons for design choices were also included

### Where did this paper fall short?

+ Not able to anonymize non-TCP protocols (the paper admits this)
+ The paper could use more diagrams, charts, and other graphic elements.
+ A section regarding steps to harden Tor would make the paper much better, noting that there are serious limitations due to Tor staying at the TCP layer and being designed as a low-latency solution

### What did you learn from reading this paper?

+ Usability in Tor is actually a security requirement, since good usability means more users, and having a large enough user base is critical for Tor to maintain anonymity.
+ Other kinds of anonymous networks with different approaches, on different layers (and their pros and cons)
+ Several acknowledged limitations of Tor, among which is the fact that Tor does not aim to solve end-to-end timing attacks.

### What questions do you have about the paper or the area?

+ "Certain more trusted nodes act as directory servers" --> possible hijacking/forging via HTTP?
+ Will Tor hold if D-H gets compromised? (Logjam?)
+ What are the legal implications for nodes that participated in an illegal transaction between two illegal endpoints?
+ What is "protocol normalization"?