[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The use of malicious botnets to disrupt The Onion Router

Chad Z. Hower aka Kudzu wrote:
A manually administered . . . centralized list? Because, call me crazy,
but a centralized list of "authorized routers" has some very, very
obvious flaws in it, both technical and security-related.

Maybe a trust model? Ie like Facebook.. I trust my friends.. they trust
their friends... Removes some anon a bit ... but if you have 3 levels as I
believe TOR does should provide some reasonable level of anonymity and maybe
what is sacrificed could be recompensated by other means.

Nice thougt, but on second thought impracticable for various reasons: as you pointed out, it sacrifices security, which IMO is not up for discussion. Also, it would become much harder for new tor nodes to be added to the network (I, for example, do not know any other tor operators personally) and therefore would also sacrifice potential capacities and performance. Plus, we don't really gain any security, since an "attacker" would only have to gain the trust of one established operator with one legitimate node to add the imaginary thousands of illegitimate others to his trust list and therefore to the web of trust.

Just my thoughts...