On Tue, 2009-04-28 at 03:01 -0700, Tripple Moon wrote: > --- On Tue, 4/28/09, Scott Bennett <bennett@xxxxxxxxxx> wrote: > > > From: Scott Bennett <bennett@xxxxxxxxxx> > Subject: Re: 25 tbreg > relays in directory > To: or-talk@xxxxxxxxxxxxx > Date: Tuesday, April > 28, 2009, 12:57 AM [cut for clarity] > That brings up something > that has bothered me for a > long time. When > tor discovers that its > version doesn't match any in > either client-versions > or > server-versions, it currently writes complaints about it > to the > log(s), > but seems to do nothing further about it. I'd like to > see > either of the > following. > > a) Addition of three lines to the > consensus documents to > prevent use > of unsafe versions of tor > [etc...cut for clarity] I also agree that there should be version > checking, i didn't even know it wasn't done so already... :( I would > furthermore suggest to build a version fingerprint that uses some > remotely calculated CRC value of the client. My reason for that is to > prevent the tor network to be poluted by specialy "tweaked/altered" > versions, which might endanger the security of the whole network. (Let > your imagination do a free run on possibilities in such cases). By > "remotely calculated CRC-value of the client" i mean that the > destination does the CRC calculation of the connecting client. Yes > this means the client needs to send all of its binary-self to the > destination. After this CRC-value has been calculated _once_ by a > destination, that destination should announce the presence of the > client to the whole network if its a valid client (not matter in what > mode it runs). These CRC-values could be centrally maintained by the > tor-development center and made accessible public or by a hidden > service. > > IMHO, this kind of "login procedure to enter the tor-network" will make it more secure and manageable. > Again, i have _no_ idea at present how the tor program handles things at present, so if its already done like that or even better just disregard what i wrote :D > > So you propose sending the whole of the Tor binary over the network, having the authority do a CRC on it, and using that to check for validity? Just making sure I have the right impression.
Attachment:
signature.asc
Description: This is a digitally signed message part