
Re: Re[2]: [rishab@dxm.org: Re: [silk] inside the Great FireWall...]



i think the answer is, don't distribute the top tier addresses at all.
distribute a collection of randomised node ip's amongst a very large
number of widely distributed nodes, not even tor nodes, to avoid the
port blocking problem, get people to run a small webserver application
for this, which fetches a random set of nodes from the network via a
tor client/server running on the same system. a lot of these nodes will
be running on dynamic ip's which will make the process of blocking them
harder still.

idk, just throwing in some more ideas. it's pretty obvious that tor
needs to get just that little bit more distributed and less centralised
somehow. the use of dynamic ip addresses, and directory services which
only dispense a small amount of the directory from a web server port.

probably the model which gnutella 2 runs on is a good way to do it... in
the end, it may well be necessary for clients to actually do port scans
of random ip addresses to find connected nodes and once one is found the
joining of the network is not gonna be slow. and hiding it all in a
common port might be a very good idea, for example, 53, or 21 or 22 or
25 or 80 or 443. once a client joins the network it can cache all the
nodes it gets for circuits. decentralising the database by making it so
nodes only know their neighbours would also be a good thing, requesting
circuits would just be a matter of propagating a request for a circuit
to an internet zone, and it propagates outwards until it hits the zone
and back comes the circuit.

On Sun, 18 Dec 2005 10:15:19 -0600, "Arrakistor" <arrakistor@xxxxxxxxx>
said:
> The  idea  is that the circuit coordination is distributed among three
> layers.  The  first  tier  receives  info  from  the Tor server saying
> "hello,  I'm alive. Add me to the ultimate list". The second tier gets
> regional  lists from the first tier, so nobody but tier 1 has a global
> view. The third tier is the one that gets a request from the tor user,
> specifying what kind of circuits it wants (fastest, country avoidance,
> specific  servers, whatever) which queries the second tier as to which
> might  be  the best nodes available to the request, to which the third
> tier  then  calculates the possible circuits, and gives one to the tor
> user at random.
> 
> What  happens if tier one is compromised? Everyone gets busted, unless
> the Tor program itself has a way to authenticate if the first tier has
> authority  and  a  true  identity.  And  naturally  there  is internal
> verification of Tier 1, 2, and 3.
> 
> ST
> 
> 
> 
> Sunday, December 18, 2005, 9:32:34 AM, you wrote:
> 
> 
> > What happens if your central coordinator - the one assigning circuits -
> > is compromised?
> 
> > -Ben
> 
> > Arrakistor wrote:
> >> The Chinese government will eventually try to block Tor. This is why I
> >> think  the  next  design,  which  is  to  include a structure for mass
> >> scaling,  should  not  distribute  a  directory  list, but only assign
> >> circuits so the viewers can't get a whole view of the network.
> >> 
> >> ST
> >> 
> >> Sunday, December 18, 2005, 2:03:12 AM, you wrote:
> >> 
> >> 
> >>>i don't know which version of tor is on torpark but i know the alpha
> >>>version, the current and the previous to current ones would sometimes
> >>>take several minutes building the circuits... this might be where the
> >>>problem comes from perhaps? i wonder how long it will take for the
> >>>chinese government to figure out that there is now yet another way to
> >>>bypass their great firewall.
> >> 
> >> 
> >>>On Sun, 18 Dec 2005 01:35:02 -0600, "Arrakistor" <arrakistor@xxxxxxxxx>
> >>>said:
> >>>
> >>>>Yes,  it  works.  I've  read  the  websites  that  are  suggesting the
> >>>>downloads.  For  most  it  works,  for  some,  when they first open it
> >>>>firefox  times  out  so they assume it isn't working. However, it then
> >>>>appears  to  work  just  fine.  I  should have this timeout fixed next
> >>>>version.
> >>>>
> >>>>ST
> >>>>
> >>>>
> >>>>Saturday, December 17, 2005, 10:05:43 AM, you wrote:
> >>>>
> >>>>
> >>>>
> >>>>>I'm seeing plenty of Torpark chinese downloads. Do we know that these do
> >>>>>actually work?
> >>>>
> >>>>>----- Forwarded message from Rishab Aiyer Ghosh <rishab@xxxxxxx> -----
> >>>>
> >>>>>From: Rishab Aiyer Ghosh <rishab@xxxxxxx>
> >>>>>Date: Sat, 17 Dec 2005 15:59:52 +0000
> >>>>>To: silklist@xxxxxxxxxxxxxxxx
> >>>>>Subject: Re: [silk] inside the Great FireWall...
> >>>>>User-Agent: Mutt/1.2.5.1i
> >>>>>Reply-To: silklist@xxxxxxxxxxxxxxxx
> >>>>
> >>>>>using torpark [1] i was able to google for "shanwei" which the
> >>>>>IHT says i should not be able to do [2] and download pictures [3].
> >>>>
> >>>>>-rishab
> >>>>>1.  well... after a few mins, the tor connection died. now can't
> >>>>>connect to any site with tor. so i can't find the torpark url. but
> >>>>>ssh still works.
> >>>>>2. IHT.com, asia section,  "China's tight lid on village
> >>>>>shootings", pg 7. from nytimes. sorry, can't connect now to find
> >>>>>url, have paper in front of me. "until tuesday, web users who
> >>>>>[searched  on google for] Shanwei, the city with jurisdiction over
> >>>>>the village where the demonstration was put down, would find a
> >>>>>handful of pages.... after a few screens of information unrelated to
> >>>>>the incident, the browsers of users who persisted froze..."
> >>>>>3. http://english.epochtimes.com/news/5-12-10/35613.html
> >>>>
> >>>>>----- End forwarded message -----
> >>>>
> >>>>
> >>>>
> >>>>-- 
> >>>>Best regards,
> >>>> Arrakistor                            mailto:arrakistor@xxxxxxxxx
> >>>>
> >>>
> >>>-- 
> >>>  Glymr Darkmoon
> >>>  glymr_darkmoon@xxxxxxx
> >> 
> >> 
> >> 
> >> 
> >> 
> 
> 
> 
> -- 
> Best regards,
>  Arrakistor                            mailto:arrakistor@xxxxxxxxx
> 
-- 
  Glymr Darkmoon
  glymr_darkmoon@xxxxxxx
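
An added illustration (not written by anyone in this thread, and not Tor code) of the idea above that a directory service should dispense only a small part of the node list: it compares handing out a fresh random sample on every request with a sample fixed per requester and time period by a keyed hash, and counts how much of the directory one requester ends up seeing. The keyed policy, the function names, the addresses and the secret are assumptions made for this sketch.

```python
import hashlib
import hmac
import random


def build_directory(n):
    # Constructed sample addresses from the private 10.0.0.0/8 range.
    return [f"10.0.{i // 256}.{i % 256}" for i in range(n)]


def random_handout(directory, k, rng):
    """Policy A: every request gets a fresh random sample of k nodes."""
    return rng.sample(directory, k)


def keyed_handout(directory, k, secret, requester, period):
    """Policy B: the k nodes are fixed for a (requester, period) pair.

    Nodes are ranked by HMAC(secret, requester|period|node); the k lowest
    ranks are returned, so asking again yields the same answer.
    """
    def rank(node):
        msg = f"{requester}|{period}|{node}".encode()
        return hmac.new(secret, msg, hashlib.sha256).digest()
    return sorted(directory, key=rank)[:k]


def coverage(handout, requests):
    """Number of distinct nodes seen after calling handout() repeatedly."""
    seen = set()
    for _ in range(requests):
        seen.update(handout())
    return len(seen)


def compare(n=500, k=5, requests=400, seed=1):
    """Return (nodes seen under policy A, nodes seen under policy B)."""
    directory = build_directory(n)
    rng = random.Random(seed)
    secret = b"constructed-demo-secret"  # assumption: known only to the server
    a = coverage(lambda: random_handout(directory, k, rng), requests)
    b = coverage(lambda: keyed_handout(directory, k, secret,
                                       "requester-1", "2005-12-18"), requests)
    return a, b


if __name__ == "__main__":
    seen_random, seen_keyed = compare()
    print(f"random sample per request: {seen_random} of 500 nodes seen")
    print(f"keyed sample per requester: {seen_keyed} of 500 nodes seen")
```

With a fresh random sample per request, the small handout size only delays a full view of the directory; with the keyed sample, what one requester sees stays at k until the period changes, so the design question moves to how requesters are told apart.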
