[Cryptography] Apple's iCloud+ "VPN"

Jerry Leichter leichter at lrw.com
Mon Jun 28 17:12:47 EDT 2021


>> Interesting initiative and as said, moving the kind of relatively obscure stuff like that which Tor does to the mainstream with low friction ought provoke some movement elsewhere.
> 
> For better or worse, yes.  I’m not sure people recognize just how much this will affect performance, though.  It’s not pretty.  Regular Tor users know what I’m talking about; this isn’t particularly better.

I don't think we can really say what the effect will be.  Experience with Tor is not a good basis for judgement.  Tor nodes are (relatively) small and have limited bandwidth in their Internet connections.  They can't begin to compare with the raw CPU horsepower and fastest-available network connections that both Apple and the CDNs who are the second hop are in a position to throw at the problem.

Early reports are "no noticeable effect," though of course this is in a situation where there are at most tens of thousands of beta users.  What will happen when there are hundreds of millions, or even billions, of users, is impossible to say.  I'm sure Apple has done tons of analyses and simulations and is confident that they and their partners can handle the load - but theory and reality can be very different at Internet scale.  We'll see.

One interesting question is what the effective diameter (expected number of hops between a pair of hosts) of the Internet will be, as seen through this service.  I was unable to find any data on what this number is for today's Internet.  Though I'm sure there are studies out there, a quick search was unavailing - the obvious "Internet diameter" search leads to a (1999) analysis of URL references to connect two arbitrary sites.  (In 1999, that number was 19.)  Given the large number of very well-connected POPs both parties have, it's quite possible that the effective diameter might end up lower.  That could reduce the costs of the more expensive decryption and forwarding steps in such a protocol relative to a simple router.  We'll see.

                                                        -- Jerry


