
Tor bug?: AllowInvalidNodes

On Wed, Aug 16, 2006  Nick Mathewson wrote:
>On Wed, Aug 16, 2006 at 06:57:23PM +0000, crackedactor@xxxxxxxxxxx wrote:
>> This is all very worrying.
>> First I find out that my torrc config file which is configured to
>> "AllowUnverifiedNodes middle,rendezvous" is no longer a valid config
>> statement.
>> Then I find out that the replacement "AllowInvalidNodes
>> middle,rendezvous" doesn't work.
>It works. It just doesn't mean what you thought.

You obviously didn't read Arrakistor 16 August 2006 00:44 Tor bug?: AllowInvalidNodes

who wrote

"Roger, Nick, et al,

Tor *.23

AllowInvalidNodes seems to be having a problem. We've tried a few versions,
including the deprecated AllowUnverifiedNodes to no avail. However the
exit node of the circuit is still often invalid according to

Is this a bug in serifos possibly?

Here are the reoccurring offenders of invalid exit nodes that seem to be
worming in:

To see the thread regarding this issue,


Or are you questioning his observations?

>> Now I find out that it was never intended to work and that it was
>> never an "AllowUnverifiedNodes" replacement.
>Sure it was.  "Unverified" and "Invalid" are the same concept:
>'attested to as likely to be okay by the directory server.'  The only
>thing that has changed is the name.

Did you read Roger Dingledine 16 Aug 2006 13:42:17 -0400   Re: Tor bug?: AllowInvalidNodes

who wrote (short version):

"The fundamental confusion here is that the word 'invalid' means many
things to many people, but it means pretty much nothing to Tor. The
exit.pl script that Geoff wrote and runs on Serifos uses the phrase "not
a valid Tor server" to mean "not a Tor server as far as I know". The
word "valid" with respect to the AllowInvalidNodes config option is
simply defined as "not manually designed by the directory authorities
as invalid".


Are you arguing with this definition of INVALID as opposed to the original "Unverified" definition? Or are you now informing us that for some while now the term "unverified" has always been meaningless? If so, for how long has this been so?

>Why did we change the name?

I don't recall asking that question.

>Because "Verified" was a stupid name.  It implied that we had a good
>way to go out and tell whether a node's operator was honest, upright,
>and competent, and whether the node was physically secure and
It implied you at least knew who they said they were (not that you knew they were what they said).  
>If you were under the impression that we had a way to do this, sorry.

I'm touched by your sincerity.

>If you know a way to do this, please let us know.  We're all ears.
>Please keep in mind that we haven't got much cash to do this with, and
>what cash we do have, we'd rather spend on rent and food and
>developing Tor.

You poor penniless, overworked person. Why don't you ask all the VERIFIED TOR operators to VERIFY the new TOR operators, within say 50-100 miles (100-200 km) of them (or closest one).

I'll do 100 mile radius (UK) of Portsmouth UK - but only if you "verify" me.

>> If some "unverifiednode" exit server adversary has set themselves up
>> in business of monitoring TOR users then isn't it because
>> "AllowUnverifiedNodes" was removed (effectively).
>Right, you're confirming that we were right to change "Verified" to
>"Valid".  Apparently, you *did* think that "verified" was a magical
>stamp of good intentions.
Well darling that is what it said... no?
>> Personally, I think it's irrelevant today, that at one time persons
>> had to be known personally to run a verified server. Quaint but
>> irrelevant. But hey, I don't mind having someone round to my place
>> from the UK to verify me. Why not have 3 levels of security - level
>> 2 - Registered - just what we have now. Level 1 - Verified - visit
>> their setup. Level 3 - unregistered & unverified. And give us a
>> config statement to use these levels or not.
>Dude, we're not going to impose a worldwide server auditing system.
>We're not going to visit server operators' houses.   Even if it did,
>what would it prove?  Any organization could set up servers in a bunch
>of its members' houses.  Are we supposed to do background checks?
Chikita, you really must put your thinking cap on and stop ignoring the obvious. I said..

Level 2 - registered - eg those that register their server name, provide their real name and address. Do a web credit check - simple and cheap. Get them to donate a COUPLE OF DOLLARS FOR THAT. Just send them a registration code in the post to their credit card address - the one they donated with and the address they gave for it. Of course they can still forge this - but would they? With lots of servers?

Level 1 - verified - eg a visit from a VERIFIED operator after provision (copies) of household bills, local tax statement, or identification of company or org if an org, isp verification. Once again, of course they can still forge this darling - but would they? With lots of servers?

You could even sub-level the Levels with a safety value.

>> On a related issue, I have attempted to the "ExcludeNodes" config
>> and it doesn't seem to work. I am sure that of the dozens of nodes
>> I've tried to exclude (and failed to exclude - test only) ALL of
>> them cannot be my "guard" nodes. Ok this might only be winOS,
>> perhaps everyone should check it out for themselves. Just to be
>> sure. I've noticed others have seen similar. Re-check.
>ExcludeNodes *is* supposed to work.  If it doesn't, submit a bug
>report.  Warning! You will need to describe *exactly* what you did,
>and *exactly* what Tor did in response.  Logs will help. This is too
>hard for many people.

Well hey thank you for the advice. Without Vidalia working on Win2k I'm stuffed, but then you knew that didn't you.

>frustratedly yrs,

I believe you. It's always frustrating when people start asking questions about subjects you would really like swept under the carpet and forgotten.

Just remember to answer them with politeness and integrity. And you won't go far wrong. If not you might be mistaken for a dictatorial pleb with an axe to grind.

>Nick Mathewson
