[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Policy for new Tor dirservers



On Thu, Mar 23, 2006 at 08:41:35AM +0100, Stefan Köpsell wrote:
> Hello,
> 
> > Here are two more than have been suggested to me:
> > 
> >   - An addendum to the "if somebody asks you to backdoor your server"
> >     above: if you fail to fight it, you must shut down the Tor server
> >     and notify us that you have.
> 
> Maybe you have to substitute "must" with "should" -- because it may possible that in some jurisdictions the shut down may not be an
> option.
> 

The policy should explicitly require that which it is intended to
require. Any nontrivial policy for computer usage may violate other
constraints in some settings. If a policy merely says things like,
"one should try as best as one can to follow these guidelines" then
someone can be compliant with both the policy and the other
constraints while still violating the intent of the policy.

Think about GPL: If you can't meet the conditions of the license and
some other constraint that you are under, then you have no
license. Now the goal here is to set a policy not issue licenses. But
if someone must violate the intent of the policy to comply with some
other constraint, then to the extent it can, the policy should make
this violation explicit.  There need be no judgement as to whose fault
it is that the violation occurred, i.e., we need not ask whether it
was freely done or coerced: the important thing for the policy
to capture is that there is a (n explicit) violation.

Another explicitness point related to this: If your concern is that
the server is backdoored, rather than raise whether or not the
operator made the right effort, you should just say (something like)
"Your server must not contain backdoors.  You must shut down your
server rather than run it with a backdoor. If it is shutdown, you must
notify us that it has been shutdown."

Notice the structure too. You want two statements:

If foo, you must do bar. and,
If bar,  you must do snaf.
rather than
If foo, you must do bar and snaf.

In the event of failure, I assume you want to be able to say where it
occurred. (Cf. WSAENOBUFS ;>)

aloha,
Paul