[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Version checking (was Re: 25 tbreg relays in directory)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Version checking (was Re: 25 tbreg relays in directory)
- From: Tripple Moon <tripple.moon@xxxxxxxxx>
- Date: Wed, 29 Apr 2009 03:33:32 -0700 (PDT)
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 29 Apr 2009 06:33:36 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1241001212; bh=khH+enKYhS1HuzKRmXB67p0qttxF8S0VtqN8vhcjB68=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=MdLkiXAixA9s6T3VkfgosZe504/QaZOHHTNdgznAor/a1EcCfJYpaYczgE2Lc9/nJHi2aBuv5NVh/mCPbs2re6qT100biLGmO3Pmok90/a5iWtSKjrFgaSyNayp2wSMrvszWmJAKc3BLVIogRLgwkTF0cauZhcf8/wmHzaD8AiI=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=q/xv3MsEIUIkUL1iwhhU2Rk4R8jYouNOViU+mi3Mux6oPQEU9L+YdzG7UUk4MHjVX6GlK0EYnxP+AZxv/ET7McyZpVHA2moCHgsk8l6C/9qrkF02cTrOGCSBfY3Y2Hdw0OJE5QUZTC8qeO/K7lKDNIY8pS+bwkbPH2Rn0orR1hI=;
- In-reply-to: <49F72871.5EB13DC5@xxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
--- On Tue, 4/28/09, Jim McClanahan <jimmymac@xxxxxxxxxx> wrote:
> From: Jim McClanahan <jimmymac@xxxxxxxxxx>
> Subject: Re: Version checking (was Re: 25 tbreg relays in directory)
> To: or-talk@xxxxxxxxxxxxx
> Date: Tuesday, April 28, 2009, 12:01 PM
> > By "remotely calculated CRC-value of the
> client" i mean that the
> destination does the CRC calculation of the connecting
> client.
> > Yes this means the client needs to send all of its
> binary-self to the destination.
>
> That would be a pretty big upload for a dial-up user!
yes thats true, i admit thats a valid con argument.
>
> I am also wondering what kind of danger you think a
> *client* can have
> for the Tor network.
Well AFAIK (from reading the global discourse), there seem to be some nodes primarily setup to monitor and/or (try-to) disrupt the data flow of the tor network by using altered clients with "enhanced/added" routines...
Don't ask me to provide links, because i don't keep bookmarks of random info i read while searching for other info...
(It could also be my personal distrustful mind playing tricks on me)
>
> And if somebody wanted to circumvent, I would think the
> client could be
> modified so that when it claimed to be uploading itself, it
> was actually
> uploading a copy of an unmodified binary. Am I missing
> something?
Well yea thats upto the implementation of this behavior, and i wholeheartedly would suggest to _not_ allow any uploads of external files.
By external files i mean using file-open routines, it should only upload the current running instance of the tor-application.
And ofcourse like you already mentioned they could create a modified version which indeed does what you say.
So this is a hard-egg to crack for me personally atm :)
>
> Also what would be gained from a CRC based on the *binary*?
> Wouldn't
> that change according to the system that compiled it?
Yes it *will* chance depending on the compiled (source-)version and architecture and compiler used.
But those variables are far less in quantity as the possible individual modified versions....