[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Suggestion





> -----Original Message-----
> From: owner-or-dev@freehaven.net 
> [mailto:owner-or-dev@freehaven.net] On Behalf Of Roger Dingledine
> Sent: Wednesday, September 04, 2002 1:07 AM
> To: or-dev@freehaven.net
> Subject: Re: Suggestion
> 
> 
> On Tue, Sep 03, 2002 at 11:41:08PM +0100, Andrei Serjantov wrote:
> > Sure, I appreciate that. I am happy for this mode to be off by 
> > default. Interestingly, this is an argument for not running 
> your own 
> > OR either way.
> 
> That's a really good point. It was rolling around in the back 
> of my mind, but I hadn't followed it to its conclusion:
Surely it goes both ways - if the adversary knows about the OR network
and has the or.routers list, then he will know that you are running an
or router and if requests come in from mosg.cl.cam.ac.uk he'll know that
he can't tell just from the logs that it's actually you connecting to
him ... Even if it is most likely.

> 
> "If I implement a stupid mode, most people will turn it on."
> 
> (And if I don't implement it, people will keep asking for it 
> until somebody does.)
I like these open-source dogmas :-).

> What's the usual answer to this, in terms of software 
> engineering and security projects?
Well stuff like this invariably gets implemented and the developers then
stick a big WARNING! Into the README file.
But in this case - should we ever assume that the adversary is weak
enough to turn this on?

Mat

> --Roger
>