[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Version checking (was Re: 25 tbreg relays in directory)

On Tue, 2009-04-28 at 03:01 -0700, Tripple Moon wrote:
> --- On Tue, 4/28/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> > From: Scott Bennett <bennett@xxxxxxxxxx> > Subject: Re: 25 tbreg
>  relays in directory > To: or-talk@xxxxxxxxxxxxx > Date: Tuesday, April
>  28, 2009, 12:57 AM [cut for clarity] >      That brings up something
>  that has bothered me for a > long time.  When > tor discovers that its
>  version doesn't match any in > either client-versions > or
>  server-versions, it currently writes complaints about it > to the
>  log(s), > but seems to do nothing further about it.  I'd like to > see
>  either of the > following. > > 	a) Addition of three lines to the
>  consensus documents to > prevent use > 	   of unsafe versions of tor
>  [etc...cut for clarity] I also agree that there should be version
>  checking, i didn't even know it wasn't done so already... :( I would
>  furthermore suggest to build a version fingerprint that uses some
>  remotely calculated CRC value of the client. My reason for that is to
>  prevent the tor network to be poluted by specialy "tweaked/altered"
>  versions, which might endanger the security of the whole network. (Let
>  your imagination do a free run on possibilities in such cases). By
>  "remotely calculated CRC-value of the client" i mean that the
>  destination does the CRC calculation of the connecting client. Yes
>  this means the client needs to send all of its binary-self to the
>  destination. After this CRC-value has been calculated _once_ by a
>  destination, that destination should announce the presence of the
>  client to the whole network if its a valid client (not matter in what
>  mode it runs). These CRC-values could be centrally maintained by the
>  tor-development center and made accessible public or by a hidden
>  service.
> IMHO, this kind of "login procedure to enter the tor-network" will make it more secure and manageable.
> Again, i have _no_ idea at present how the tor program handles things at present, so if its already done like that or even better just disregard what i wrote :D
So you propose sending the whole of the Tor binary over the network,
having the authority do a CRC on it, and using that to check for
validity? Just making sure I have the right impression.

Attachment: signature.asc
Description: This is a digitally signed message part