Version checking (was Re: 25 tbreg relays in directory)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Version checking (was Re: 25 tbreg relays in directory)
- From: Tripple Moon <tripple.moon@xxxxxxxxx>
- Date: Tue, 28 Apr 2009 03:01:30 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 28 Apr 2009 06:01:33 -0400
- In-reply-to: <200904280457.n3S4vHLN012085@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
--- On Tue, 4/28/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> From: Scott Bennett <bennett@xxxxxxxxxx>
> Subject: Re: 25 tbreg relays in directory
> To: or-talk@xxxxxxxxxxxxx
> Date: Tuesday, April 28, 2009, 12:57 AM
[cut for clarity]
> That brings up something that has bothered me for a long time. When tor discovers that its version doesn't match any in either client-versions or server-versions, it currently writes complaints about it to the log(s), but seems to do nothing further about it. I'd like to see either of the following.
>
> a) Addition of three lines to the consensus documents to prevent use of unsafe versions of tor
[etc...cut for clarity]
I also agree that there should be version checking; I didn't even know it wasn't already done... :(
I would furthermore suggest building a version fingerprint that uses some remotely calculated CRC value of the client.
My reason for that is to prevent the tor network from being polluted by specially "tweaked/altered" versions, which might endanger the security of the whole network.
(Let your imagination do a free run on the possibilities in such cases).
By "remotely calculated CRC value of the client" I mean that the destination does the CRC calculation of the connecting client.
Yes, this means the client needs to send all of its binary self to the destination.
After this CRC value has been calculated _once_ by a destination, that destination should announce the presence of the client to the whole network if it's a valid client (no matter in what mode it runs).
These CRC values could be centrally maintained by the tor development center and made accessible publicly or by a hidden service.
IMHO, this kind of "login procedure to enter the tor-network" will make it more secure and manageable.
Again, I have _no_ idea how the tor program handles things at present, so if it's already done like that or even better, just disregard what I wrote :D
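
The version comparison discussed in the quoted text (a running version checked against the consensus `client-versions` and `server-versions` lines), sketched as an added example; it is not tor's own code and not from either poster. The consensus fragment and version numbers are constructed, the function names are hypothetical, and ordering by the numeric fields only is a simplifying assumption.

```python
import re

# Constructed consensus fragment; the version numbers are sample values.
SAMPLE_CONSENSUS = """\
network-status-version 3
vote-status consensus
client-versions 0.2.0.34,0.2.1.13-alpha,0.2.1.14-rc
server-versions 0.2.0.34,0.2.1.14-rc
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$")


def parse_version(text):
    """Return (numeric tuple, status tag) for a tor-style version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(g or 0) for g in m.groups()[:4])
    return nums, m.group(5) or ""


def recommended_versions(consensus_text):
    """Map 'client'/'server' to the versions listed for that role."""
    result = {}
    for line in consensus_text.splitlines():
        keyword, _, rest = line.partition(" ")
        if keyword in ("client-versions", "server-versions"):
            role = keyword.split("-")[0]
            result[role] = [v for v in rest.strip().split(",") if v]
    return result


def classify(running, consensus_text, role="client"):
    """Classify the running version against the list for the given role."""
    listed = recommended_versions(consensus_text).get(role)
    if not listed:
        return "no-list"         # nothing to compare against
    if running in listed:
        return "recommended"
    mine = parse_version(running)[0]
    others = [parse_version(v)[0] for v in listed]
    if all(mine < o for o in others):
        return "older-than-all"  # the case a stricter policy could refuse
    if all(mine > o for o in others):
        return "newer-than-all"
    return "unlisted"
```

A caller that wants more than a log message can act on the `older-than-all` and `unlisted` results, for example by refusing to start.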