Hi, * Nick Mathewson <nickm@xxxxxxxxxxxxx> [060828 04:44]: > Another note: if people want to continue running these checks against > exits (and I hope you do!) I'd suggest you keep what, exactly, you're > checking for a secret until *after* you run each round of tests. Then > announce the results, release the source, and think of more stuff to > test for. Releasing the source will help other people check out > whether the network is behaving correctly, but keeping mum about what > you're checking for will keep dishonest/broken people from changing > their behavior before you can find them out. That security by obscurity approach won't work. If someone trys to attack the tor network we should assume that this person knows what he/she is doing. So keeping the test method a secret will hinder the good guys from making sure that this old attack does not persist any more. In my opinion this also goes for any check at the directory server level. Checks will get implemented, worked around, refined, etc... So one should not believe that just implementing one cure for an attack will make your system secure forever. Mike's investigation just pointed out that the "race" is already "on". Most of the people on this list may already know this, but I felt like pointing this out again at this point in the conversation. Best regards, Christian -- You may use my gpg key for replies: pub 1024D/47F79788 2005/02/02 Christian Kellermann (C-Keen)
Attachment:
pgpGmc2eZZXnb.pgp
Description: PGP signature