[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] "Potentially dangerous relay groups"

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] "Potentially dangerous relay groups"
From: Corné Oppelaar <hello@xxxxxxxxxxxx>
Date: Wed, 28 Sep 2016 15:00:39 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 28 Sep 2016 09:10:47 -0400
In-reply-to: <befce972-adfe-4e4f-d10f-97b13d79cb5c@unterderbruecke.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <8903b8a7-34a3-6be4-cc7f-2db20fd52948@openmailbox.org> <a15028e9-1193-253f-9571-f56448450440@babylon.network> <20160928013851.161cf319@natsu> <CAD2Ti29NKpFwHEVGgWiaLSXQ_WC44=PPReHjaWVd4ueQbsbZYA@mail.gmail.com> <20160928115351.0780b7d4@natsu> <a1a40a76-ec5d-bad7-a90f-5a4e9e6e8989@horus-it.de> <20160928145205.21c07fd4@natsu> <CAGLdCPij_QR9cQLawHVHHO6iePK-3cFOSPEoh7N87mk8yxkOeQ@mail.gmail.com> <CAD2Ti2_ouApper0bMjk-3uRmr5qcNENrLU4urac9f4TfVCxSSg@mail.gmail.com> <CAGLdCPiFDdniL7feWPLACtpSfvLL2OR0rSY3NRQDhWLU7UNVvA@mail.gmail.com> <befce972-adfe-4e4f-d10f-97b13d79cb5c@unterderbruecke.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Personally I like what Petrusko provided the most

> In torrc, an idea...??
> 
> *MyFamily http://mydomain.org/myfamily.txt*

the list being a plaintext file of fingerprints seperated by newlines,
and if the server having that family list is not in that mentoined
family list, it's not authorized to be in that family.

Altho this will create an overhead of making a new http request when
looking for an Tor node, which may be a problem. it actually isn't
possibly at all without leaking the real IP to said server, or someone
needs to be more creative then me :s

But on the other hand, if you run more then 4 nodes, just let puppet
or any other system managment tool fill in the MyFamily field,
shouldn't be that hard imo

On 09/28/2016 02:44 PM, Random Tor Node Operator wrote:
> On 09/28/2016 02:01 PM, Chad MILLER wrote:
>> So? A relay can always have behaved badly. What's the harm in
>> you fraudulently claiming to be in family com.example.chadmiller
>> ? A user's path won't have passed through both you and me, but
>> you could have prevented traffic from passing through you any
>> time. At worst, you get to participate in a user's path and
>> exclude me from participating. That's no worse than you setting
>> your machine on fire and me participating.
> 
> 1) Bad actor sets up a bunch of relays fraudulently joining the
> majority of other relays. 2) Path selection of clients will now
> effectively prefer the bad actor's relays on which he performs
> eavesdropping, traffic analysis, or other nasty things.
> 
> The bad actor could also leave a few of his bad relays without
> family in order not to uncover himself so easily.
> 
> I am in favor of a scheme where the process of joining a family is 
> authenticated.
> 
> 
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays@xxxxxxxxxxxxxxxxxxxx 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJX677wAAoJEE6fMe4ysJ7McdUH/1TzCArbxb0kZ1SDwc1P01LE
5bWvTtFj++C3PqcDzeiN3UrzVwm1AtJLa5pW3yZlAorgHksL98oX/om4EY2DKptz
IpEreQeobE/bd6c9Klhjc+FwVwW6Lb3D61KbeZkxE9+nyXrMjWUS8Nws0REZgKhc
IW6Q6kmuBt48yudbTm/dBAYPPND290ebGDuF7EDhsS9shx3+SxchuXYapwh8S1Xi
mZENyKDqxxcZT/8Ua7xMTreOzFFfscpcbFBnsKCbMjqJg0/bGKENyASoNJVQha7t
xmd5dL4fLyLrDlsi3AK4IVFCuWp3rsFpZZJ5An4FPHUe6NBSAX7pbfRko0cmq/E=
=Xptb
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] "Potentially dangerous relay groups"
  - From: nusenu
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Tim Semeijn
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Roman Mamedov
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: grarpamp
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Roman Mamedov
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Ralph Seichter
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Roman Mamedov
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Chad MILLER
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: grarpamp
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Chad MILLER
- Re: [tor-relays] "Potentially dangerous relay groups"
  - From: Random Tor Node Operator

Prev by Author: Re: [tor-relays] Request for Tor abuse complaints - Question regarding Bittorrent
Next by Author: Re: [tor-relays] write-history for exit relays only?
Previous by thread: Re: [tor-relays] "Potentially dangerous relay groups"
Next by thread: Re: [tor-relays] "Potentially dangerous relay groups"
Index(es):
- Author
- Thread