[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Version checking (was Re: 25 tbreg relays in directory)

Nils Vogels wrote:

> IMHO, just adding a list of allowed versions in the consensus will
> accomplish just that, without the need of all that extra traffic and
> CRC complexity.

Use as much donated network capacity as possible without reducing
anonymity by treating exit nodes and other nodes differently:
- Old exit nodes: Use them, but increase the circuit length by 1
- Other old nodes: Don't use them at all

Old versions that are remotely exploitable should be automatically
shutdown. Maybe the directory authorities could instruct them to do that?.
If that's not possible, they should not be listed in the directory to
reduce the risk of them getting compromised. That won't help for
existing nodes with static IP, but it will help in other cases.