[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] blacklisting relays with end-to-end correlation capabilities?

To: Sebastian Hahn <tor@xxxxxxxxxxxxxxxxx>, Roger Dingledine <arma@xxxxxxx>, Linus Nordberg <linus@xxxxxxxxxxx>, adejoode@xxxxxxxxxxxx, collective@xxxxxxxxxx, sina@xxxxxxxxxxx, Peter Palfrader <weasel@xxxxxxxxxxxxxx>
Subject: Re: [tor-dev] blacklisting relays with end-to-end correlation capabilities?
From: nusenu <nusenu@xxxxxxxxxxxxxxx>
Date: Tue, 03 Jan 2017 00:31:00 +0000
Cc: tor-dev@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Jan 2017 19:40:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1483403481; bh=oxbqH6IpA/kZfYRvh4QLp4bNRGnIJQ8Ytt/bdhOmR4A=; h=From:Subject:To:References:Cc:Date:In-Reply-To:From; b=GuB4YjiStoO/QjFbMYeTspngB3oxydLGxzdDRDru2mD78ruXyL8tgf5jLp8j8g9W+ L5zAHFh6DbgagR43cHAPAHN514bzdgDP0ULZrqTRM4Pc5ck70wkAW8u9gw7LaObKvS xyDFf71HImY5xKuT06fOryD1OKujK0Ei35PtmFk8=
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1483403481; bh=oxbqH6IpA/kZfYRvh4QLp4bNRGnIJQ8Ytt/bdhOmR4A=; h=From:Subject:To:References:Cc:Date:In-Reply-To:From; b=GuB4YjiStoO/QjFbMYeTspngB3oxydLGxzdDRDru2mD78ruXyL8tgf5jLp8j8g9W+ L5zAHFh6DbgagR43cHAPAHN514bzdgDP0ULZrqTRM4Pc5ck70wkAW8u9gw7LaObKvS xyDFf71HImY5xKuT06fOryD1OKujK0Ei35PtmFk8=
In-reply-to: <982A3A02-0DEC-41D3-869A-5B759B9932E0@sebastianhahn.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <c3b455f6-6f41-7976-cdd9-ea372684bdd7@openmailbox.org> <1035CC2D-B854-46AE-A645-680D80C1A43E@gmail.com> <c79cb9f9-3b2b-dcb5-9013-79a31c3a7487@openmailbox.org> <982A3A02-0DEC-41D3-869A-5B759B9932E0@sebastianhahn.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Sebastian Hahn wrote (2016-12-08):
>> On 08 Dec 2016, at 14:03, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
>>
>> Dear tor directory authorities,
>>
>> TLDR: Would you blacklist relays with end-to-end correlation capabilities?
>
> 
> I do not think that this is worthwhile. It establishes a precedent where
> setting your contact info is something that gets you banned, potentially
> incorrectly because it's unauthenticated, whereas we're unable to identify
> people who actually maliciously run several relays without such indicators.
> 
> Additionally, it's yet one more thing to update the dirauths' configs
> for, but with rather more overhead as we might get multiple mails back
> and forth about how MyFamily is annoying to maintain, how they're just
> trying to help, etc. All not so bad arguments.
> 
> If we did this, also why would we blacklist the nonexit relays? That
> seems to not make sense, as a relay operator could have multiple relays
> that act as guard and exit simultaneously. I think we'd need to
> blacklist at least all the exit relays, if not all of them. BadExiting
> them would then be the more sensible choice. Scarcity of resources has
> in the past led us to bad designs like Valid/Invalid relays etc, which
> causes way more annoyances than good things.

I understand dir auth operators have limited resources, but if you (most
of the dir auths) agree that blacklisting specific relays to protect tor
end users makes sense:

Would you agree on handling a limited amount (6?) of such 'end-to-end'
cases per year?

I.e. one case every 2 months if the operator has a guard probability
>0.1% and exit_probability >0.1% and didn't fix the problem within a
month after getting contacted?

Note: Luckily the list of such known potential operators is currently
very short (<5).

In the past month I had some positive effect when trying to contact
relay operators [1], but unfortunately the biggest operators (by
consensus weight) are not to motivated to fix their configuration in a
reasonable time frame.

thanks,
nusenu





[1]
https://lists.torproject.org/pipermail/tor-relays/2016-December/011520.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011507.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011476.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011486.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011521.html
https://lists.torproject.org/pipermail/tor-relays/2016-December/011426.html

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: Re: [tor-dev] ExitPortStatistics interpretation
Next by Author: [tor-dev] ExitPortStatistics interpretation
Next by thread: Re: [tor-dev] non-anonymous ephemeral onion services with stem
Index(es):
- Author
- Thread