[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] ContactInfo Information Sharing Specification Version 1 released



Roman Mamedov:
> On Tue, 21 Jul 2020 20:17:24 +0200
> nusenu <nusenu-lists@xxxxxxxxxx> wrote:
> 
>>> What is the advantage over the torrc config value "MyFamily" ?
>>
>> MyFamily is somewhat orthogonal to the idea behind the verifyurl field.
> 
> Still not getting what advantage do you propose to ones who choose to also maintain the latter.
> 
> It reads like the main purpose of "verifyurl" is to authorize "operatorurl",
> but even as right now, if there's the same URL across all relays in a
> consistent MyFamily, what additional authorization does this need and for whom?

Lets say someone sets up a bunch of relays
and claims to be the EFF, The Torproject or any other entity they choose.
This creates a link between the relay and the entity:
(1) relay -> entity

The verifyurl gives everyone, for example users of atlas.torproject.org
the possibility to verify what they see.
verifyurl create a link in the opposite direction:
(2) entity -> relay

(1) + (2) results in a bidirectional link which can not easily be made up.

>> MyFamily has an impact on path selection, ContactInfo/verifyurl has not.
> 
> Any legitimate example where you would want to claim a fleet of relays as your
> own, but NOT want that to affect path selection?

just to clarify: verifyurl is not trying to replace MyFamily.

>> verifyurl is used to establish a bidirectional verification of the operatorurl.
>>
>> So if someone sets up a relay claiming to be torservers.net
>> verifyurl can be used to detect that automatically if torservers.net sets verifyurl in their ContactInfo.
> 
> Same already possible with MyFamily, if all other relays do not include that
> one in their family, it can be assumed to be a "fake".

MyFamily is used to link relay fingerprints. MyFamily alone does not provide any direct
way to verify ContactInfo claims.
You are assuming that there are other relays. If there are no other relays they can not 
be used to see the missing MyFamily link between the fake and real relays.

kind regards,
nusenu

-- 
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays