[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] suspicious "Relay127001" relays



On 7/6/2016 4:50 PM, Ivan Markin wrote:
> Andreas Krey:
>> That will cause issues for everyone that happens to select your
>> relay and the 'blocked' relays in a circuit - the connections will
>> just fail, and the user will wonder what happened, and why TBB
>> doesn't work.
> 
> Sure, I made a notice that you shouldn't do it if you care about the
> users (may be it was vague):
>> [Note also, that it makes performance poorer compared to the case
>> when it's defined by policy]

Why will you be running a relay if you don't care about the users?
Seriously now.

The path of a circuit is selected by the client (i.e. user). So, each
and every relay / bridge, in order to be considered a valid one, should
be able to extend a circuit when requested to any other relay, otherwise
everything gets broken. Setting this locally at relay side, with no way
for the applied change to reach the Tor client (user) will have terrible
usability effects. Trying to come up with a way so that Tor clients /
users can learn about such changes will over complicate everything with
no benefits and additional attack surface.

By design the only clean way to deal with bad relays is to exclude them
from consensus, a consensus that everyone uses, change applied only at
directory authorities side -- this is why we use the consensus majority
system which is well studied and understood as opposite to other more
decentralized solutions.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays