[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Holy shit I caught 1



Hi,

* Nick Mathewson <nickm@xxxxxxxxxxxxx> [060828 04:44]:
> Another note: if people want to continue running these checks against
> exits (and I hope you do!) I'd suggest you keep what, exactly, you're
> checking for a secret until *after* you run each round of tests.  Then
> announce the results, release the source, and think of more stuff to
> test for.  Releasing the source will help other people check out
> whether the network is behaving correctly, but keeping mum about what
> you're checking for will keep dishonest/broken people from changing
> their behavior before you can find them out.

That security by obscurity approach won't work. If someone trys to
attack the tor network we should assume that this person knows what
he/she is doing. So keeping the test method a secret will hinder the
good guys from making sure that this old attack does not persist any
more.

In my opinion this also goes for any check at the directory server
level. Checks will get implemented, worked around, refined, etc...

So one should not believe that just implementing one cure for an
attack will make your system secure forever. Mike's investigation
just pointed out that the "race" is already "on". Most of the people
on this list may already know this, but I felt like pointing this
out again at this point in the conversation.

Best regards,

Christian

-- 
You may use my gpg key for replies:
pub  1024D/47F79788 2005/02/02 Christian Kellermann (C-Keen)

Attachment: pgpGmc2eZZXnb.pgp
Description: PGP signature