Yo!!!! > For example, both A and B are running *non-exit* Tor servers. Now, A > want to secretly and securely send a file to B, he(A) doesn't need other > mechanisms, he doesn't need to know B's address either, all he needs is > B's nickname, he specifies: "I want Tor to transfer my file to > B(nickname)", then Tor will create a circuit starting from A's server > and ending at B's server, the file is transfered over the circuit, never > goes out of the Tor network, thus meets A's security needs (right?). I am not sure I understand what you mean... Torward is a great little software program which listens at a port for files and can also be used to send files. Now. I am A. You are B. I setup blahblahblah.onion (let's use that as "nickname" as you call it). As B, you run: torward.exe -h blahblahblah.onion -p someport subversivefile.txt Now I as A get the file dumping into my Torward running at blahblahblah.onion. This works even if we both are Tor clientz. > B(nickname)", then Tor will create a circuit starting from A's server > and ending at B's server, the file is transfered over the circuit, never > goes out of the Tor network, thus meets A's security needs (right?). I think I get what you are looking for, but the Problem with Your Story is this: It's very easy to find out who A and B is, isn't it? From my understanding of your text, this is the security properties of ANY file transfer tool, isn't it, because both server A and B would know that (nickname) is at B? (He's over there!! GET HIM!!) I realize that you probably have goodness in your hearth and want more people to run Tor-servers, but really, it does not look like this would give me the security properties I want. As for more people running Tor servers, Tor users who realize that the Tor-network simply won't work if everyone runs as a client; if you use Tor once a month then alright, be a leech, but if you use it for 90% of your Internet traffic then you really should run a server... > 1) I know my idea is rather primitive, but in general, is it an idea > worth deeper investigation? Probably, if I misunderstood it, but as I understand it, what you describe gives worse security properties than the currently existing way of doing things. Also, file-transfer - and everything else - should work in client mode too! If I pay for 5 co-located servers running Tor-servers and run i client mode because I've got slow ADSL at home or am at the library or at a friends house then I still want to be able to use the full potential of Tor and do everything I could do if I were running a server. --xiando(tm).
Description: PGP signature