[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Tue, 20 Dec 2011 22:20:27 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Dec 2011 22:20:44 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=0zvpO1g/3RFJau2+sdRqW02yFbkeo1b8+Q3363Id2Ms=; b=jeW0camdg/LsdUlftRwOtqJHALTkawWOHpn94k1zvyjzrm7yyv6mo+58Y8y2PcmtMg wgz0ylEZXoC5zNT9/+pNZUoXoRCJZ5qJnK4jN4tSSLQJJU9GOfNSeNZ6j4V71I7vKfJd hw6I0py0mxmNJymQ6cXvKq9Q5voapFjOdAB8Q=
In-reply-to: <CAKDKvuxrrZqSpFJmtx0nwR+cm1MSxyLfyaYKAdr_AWeN9WC8Fw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4EF04331.20708@xxxxxxxxxxxxxxx> <CAD8GWstvNas1A8oqPUmruHGFSHvPkGaER+3WdjHa910ZZoqC-w@xxxxxxxxxxxxxx> <4EF0D586.7040305@xxxxxxxxxxxxxxx> <CAKDKvuxrrZqSpFJmtx0nwR+cm1MSxyLfyaYKAdr_AWeN9WC8Fw@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

> For my own part, I am perfectly fine with the idea of working *with*
> server operators to help them secure their systems, and with making
> sure that only secure systems are on the network. ÂBut efforts in this
> area need to work with the foreknowledge and consent of node
> operators, and not alienate our volunteer community. ÂAlso, the
> appropriate response to horribly insecure servers on the network would
> be to inform the operators and de-list the servers if they didn't get
> fixed--not to publicly post them but leave them on the network. ÂThat
> would be the worst of all worlds.

Formal scanning, best practices, contracts, etc are great and highly
suggested. However, many of us do precisely this in real life. We know
how hard it is, even in small numbers and with complete authority
and consent. Attempting to apply these practices to Tor, and expecting
the Tor Project to house it would be a laughable proposition.

A scanme flag in the relay descriptor could be interesting. But as before,
it's work, what does it mean, to who, and who would adhere to it.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Lee
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Fabio Pietrosanti (naif)
- Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
  - From: Nick Mathewson

Prev by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by Author: Re: [tor-talk] On verifying security of Tor Routers idea
Previous by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Next by thread: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Index(es):
- Author
- Thread