[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Version checking (was Re: 25 tbreg relays in directory)

     On Tue, 28 Apr 2009 03:01:30 -0700 (PDT) Tripple Moon
<tripple.moon@xxxxxxxxx> wrote:
>--- On Tue, 4/28/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>> From: Scott Bennett <bennett@xxxxxxxxxx>
>> Subject: Re: 25 tbreg relays in directory
>> To: or-talk@xxxxxxxxxxxxx
>> Date: Tuesday, April 28, 2009, 12:57 AM
>[cut for clarity]
>>      That brings up something that has bothered me for a
>> long time.  When
>> tor discovers that its version doesn't match any in
>> either client-versions
>> or server-versions, it currently writes complaints about it
>> to the log(s),
>> but seems to do nothing further about it.  I'd like to
>> see either of the
>> following.
>> 	a) Addition of three lines to the consensus documents to
>> prevent use
>> 	   of unsafe versions of tor
>[etc...cut for clarity]
>I also agree that there should be version checking, i didn't even know it wasn't done so already... :(
>I would furthermore suggest to build a version fingerprint that uses some remotely calculated CRC value of the client.
>My reason for that is to prevent the tor network to be poluted by specialy "tweaked/altered" versions, which might endanger the security of the whole network.
>(Let your imagination do a free run on possibilities in such cases).
>By "remotely calculated CRC-value of the client" i mean that the destination does the CRC calculation of the connecting client.
>Yes this means the client needs to send all of its binary-self to the destination.
>After this CRC-value has been calculated _once_ by a destination, that destination should announce the presence of the client to the whole network if its a valid client (not matter in what mode it runs).
>These CRC-values could be centrally maintained by the tor-development center and made accessible public or by a hidden service.

     Laying aside for the moment the matter of how the rest of the tor nodes
should determine the trustworthiness/credibility of the tor instance making
the announcement or even why the tor network, either as a "whole" or as
individual nodes, should care about the integrity of a client (!), how to you
propose to calculate a verification digest--a CRC would not likely be
considered adequately reliable--based upon the executable binary of software
	a) comes in many successive version,

	b) can be compiled for many hardware architectures, not all of which
	are necessarily known to the developers,

	c) can be compiled for many operating systems, not all of which are
	necessarily known to the developers, and

	d) can be compiled by untold numbers of versions of many compilers,
	not all of which are necessarily known to the developers?

>IMHO, this kind of "login procedure to enter the tor-network" will make it more secure and manageable.

     More secure and manageable for whom??  Big Brother?  Obviously not for
the supposedly anonymous tor user...jeesh.

>Again, i have _no_ idea at present how the tor program handles things at present, so if its already done like that or even better just disregard what i wrote :D
     It doesn't, and it shouldn't.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *