[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Version checking (was Re: 25 tbreg relays in directory)






--- On Tue, 4/28/09, Ted Smith <teddks@xxxxxxxxx> wrote:

> From: Ted Smith <teddks@xxxxxxxxx>
> Subject: Re: Version checking (was Re: 25 tbreg relays in directory)
> To: or-talk@xxxxxxxxxxxxx
> Date: Tuesday, April 28, 2009, 10:51 PM
> On Tue, 2009-04-28 at 03:01 -0700, Tripple Moon wrote:
> > --- On Tue, 4/28/09, Scott Bennett
> <bennett@xxxxxxxxxx> wrote:
> > 
> > > From: Scott Bennett <bennett@xxxxxxxxxx>
> > Subject: Re: 25 tbreg
> >  relays in directory > To: or-talk@xxxxxxxxxxxxx
> > Date: Tuesday, April
> >  28, 2009, 12:57 AM [cut for clarity] >      That
> brings up something
> >  that has bothered me for a > long time.  When >
> tor discovers that its
> >  version doesn't match any in > either
> client-versions > or
> >  server-versions, it currently writes complaints about
> it > to the
> >  log(s), > but seems to do nothing further about
> it.  I'd like to > see
> >  either of the > following. > > 	a) Addition
> of three lines to the
> >  consensus documents to > prevent use > 	   of
> unsafe versions of tor
> >  [etc...cut for clarity] I also agree that there
> should be version
> >  checking, i didn't even know it wasn't done
> so already... :( I would
> >  furthermore suggest to build a version fingerprint
> that uses some
> >  remotely calculated CRC value of the client. My
> reason for that is to
> >  prevent the tor network to be poluted by specialy
> "tweaked/altered"
> >  versions, which might endanger the security of the
> whole network. (Let
> >  your imagination do a free run on possibilities in
> such cases). By
> >  "remotely calculated CRC-value of the
> client" i mean that the
> >  destination does the CRC calculation of the
> connecting client. Yes
> >  this means the client needs to send all of its
> binary-self to the
> >  destination. After this CRC-value has been calculated
> _once_ by a
> >  destination, that destination should announce the
> presence of the
> >  client to the whole network if its a valid client
> (not matter in what
> >  mode it runs). These CRC-values could be centrally
> maintained by the
> >  tor-development center and made accessible public or
> by a hidden
> >  service.
> > 
> > IMHO, this kind of "login procedure to enter the
> tor-network" will make it more secure and manageable.
> > Again, i have _no_ idea at present how the tor program
> handles things at present, so if its already done like that
> or even better just disregard what i wrote :D
> > 
> >     
> So you propose sending the whole of the Tor binary over the
> network,
> having the authority do a CRC on it, and using that to
> check for
> validity? Just making sure I have the right impression.
Well yes kind-of...
But instead of the binary on file, the binary in memory...
And the check could just as well be done by another already accepted node.
Just like the trust rings work for SSL certificates, when a trusted certifacate issues a trust for another....