
Re: Version checking (was Re: 25 tbreg relays in directory)



First off, please only reply to the mailing-list address, otherwise ppl like me are getting your messages double, just like you will get now...


--- On Tue, 4/28/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
[cut for clarity]
>      Laying aside for the moment the matter of how the rest of the tor nodes
> should determine the trustworthiness/credibility of the tor instance making
> the announcement or even why the tor network, either as a "whole" or as
> individual nodes, should care about the integrity of a client (!), how do you
> propose to calculate a verification digest--a CRC would not likely be
> considered adequately reliable--based upon the executable binary of software
> that
> 	a) comes in many successive versions,
> 
> 	b) can be compiled for many hardware architectures, not all of which
> 	are necessarily known to the developers,
> 
> 	c) can be compiled for many operating systems, not all of which are
> 	necessarily known to the developers, and
> 
> 	d) can be compiled by untold numbers of versions of many compilers,
> 	not all of which are necessarily known to the developers?
All of the above can be waived void when those versions are announced on the mailing list.
> 
> >IMHO, this kind of "login procedure to enter the tor-network" will make it more secure and manageable.
> 
>      More secure and manageable for whom??  Big Brother?  Obviously not for
> the supposedly anonymous tor user...jeesh.
Of course not, silly....
- More secure for the "anonymous tor user" because (s)he will be forced to upgrade his/her client to stay connected to the tor-network; if (s)he doesn't upgrade his/her insecure client, (s)he will be denied by other tors to the network.
- More manageable for the tor development team, because they will know exactly which versions are being used by current users of the tor program.
> 
> >Again, I have _no_ idea at present how the tor program handles things at present, so if it's already done like that or even better just disregard what I wrote :D
> >
>      It doesn't, and it shouldn't.