[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20831 [Core Tor/Tor]: Support existing guard torrc options better with new guard code, or deprecate them.

Subject: Re: [tor-bugs] #20831 [Core Tor/Tor]: Support existing guard torrc options better with new guard code, or deprecate them.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 13 Dec 2016 18:48:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 13 Dec 2016 13:48:46 -0500
In-reply-to: <045.83d271c413b55ca8b03143bcf9a1df78@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.83d271c413b55ca8b03143bcf9a1df78@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20831: Support existing guard torrc options better with new guard code, or
deprecate them.
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-guard regression                 |  Actual Points:  .2
  TorCoreTeam201612                              |
Parent ID:  #20822                               |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Patch looks plausible, but I'm not entirely sold yet.

 I'm not 100% persuaded that `NumDirectoryGuards==3` actually offers much
 security, if the top primary guard is malicious. I remember the argument
 about malicious directory guards refusing to serve relay descriptors, but
 I kinda feel that we are screwed anyway if the top primary guard is evil
 since all circuits are going to go through it anyhow.

 Also, the patch only supports multiple entry guards when it comes to
 primary guards, and does not try to generalize the logic to the other
 guard picking cases. A spec patch is definitely useful for this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20831#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21014 [Metrics/Censorship analysis]: Turkey blocking of direct connections, 2016-12-12
Next by Author: Re: [tor-bugs] #20879 [Applications/Tor Browser Sandbox]: Set rlimits in the containers.
Previous by thread: Re: [tor-bugs] #20831 [Core Tor/Tor]: Support existing guard torrc options better with new guard code, or deprecate them.
Next by thread: Re: [tor-bugs] #20831 [Core Tor/Tor]: Support existing guard torrc options better with new guard code, or deprecate them.
Index(es):
- Author
- Thread