[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Control Spec Addition First Draft


my comments inline below.

On Jan 24, 2010, at 1:58 AM, Damian Johnson wrote:
Hi all. This proposal doesn't seem to be going anywhere so thought I should give it one last nudge before moving on to more worthwhile work. The issue's sticking point seems to be a difference of opinion about what constitutes relay evilness. Nick, Jake, and Sebastian all believe in a hard line stance against any retrieval of connection information (netstat, lsof, etc). I disagree, and think this is harmless unless stored or communicated. Unless this can be resolved I think it's obvious the proposal isn't going anywhere.

Please note that I'm discussing relay to relay connections at the moment. If we can't even agree on that then client and exit connections are a moot point (and besides, I agree they should definitely be hidden from relay operators - personally I think it's the responsibility of client applications like vidalia and arm to scrub this data, but that's a different discussion...).

This seems to change the original intent of the proposal, which was (afaiui) to get a listing of all connections from Tor. I wouldn't mind doing that at all. It does, however, depend on the implementation of proposal 163 (detecting clients), because otherwise Tor itself cannot reliably differentiate in all cases.

Just to be clear I agree this proposal should be killed if it poses a threat to Tor users. However, I don't believe it does and still have yet to hear an example of any sort of threat it aggravates. Without that I'm a bit puzzled at the source of objections. If the chief issue is legal or not wanting to risk the appearance of supporting snooping that's fine (strikes me as political posing if there's no actual benefits to users, but cest la vi).

If you change it to be explicit about the fact that you do not want to show exit/guard connections, I think this would be ok. It needs to be actually spelt out, though.

My bias is toward safety for relay operators and I'm glad to see others biased toward user privacy pushing back. Hopefully we'll be able to find something acceptable to all parties concerned but if not it won't be the end of the world. Cheers! -Damian

Just to see if others are interested in moving this along, or if everyone wants to kill it.