[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proposal: Download consensus documents only when it will be trusted




On Apr 14, 2008, at 2:19 AM, Nick Mathewson wrote:
On Sun, Apr 13, 2008 at 05:19:15PM +0200, Peter Palfrader wrote:

Anonymity Implications:

By supplying the list of authorities a client trusts to the directory server we leak information (like likely version of Tor client) to the
 directory server.  In the current system we also leak that we are
 very old - by re-downloading the consensus over and over again, but
 only when we are so old that we no longer can trust the consensus.

Hm.  I don't think that the old approach leaks the exact version quite
so immediately as the new one does, but I agree that the information
extractable is about the same.

In case it is decided that this leakage is very bad, I thought of something:

I do not know whether this will work technically, but couldn't the client
decide where to download from? I'm thinking of a "directory descriptor",
and a client asks for one of those at a location. If it is satisfied, it requests the information from that directory, if not, it asks (at a different location) for another descriptor, or a few of them at once. Do you think this could work?

OT: Please someone tell me (on IRC or private mail) if my e-mail still has a
broken certificate, I'm really trying to fix that problem.

Thanks
Sebastian

Attachment: PGP.sig
Description: This is a digitally signed message part