[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Directory Server Decentralization

Thus spake Raynardine (raynardine@xxxxxxxxxxx):

> On 1/30/2013 6:08 PM, Andrew Lewman wrote:
> > PIR-Tor is another idea, not quite DHT, not quite the current model,
> > http://www.usenix.org/events/sec11/tech/full_papers/Mittal.pdf 
> Hmm. I don't think a DHT is strictly-speaking what I'd recommend, but if
> a bunch of men with guns arrested the administrators of the directory
> authorities and demanding their private keys, I doubt that those
> administrators could really limit the scope of damage.

Can you explain why multipath consensus verification would not address
the issues you're concerned about?

> After reading about PIR-Tor, I am not amused and not pleased.

We're also not fully convinced that either TorSK or PIR-TOR solutions
are perfect (or even across-the-board improvements). That's why we
haven't deployed them.

In addition to having their own debatably risky security properties,
each approach will introduce their own new engineering problems,
especially on the load balancing, metrics, and performance end.

> I'm sure you guys would not care if I left, and you probably wouldn't
> care if those I know also left Tor, but if you guys do not take this
> matter seriously, Tor will become irrelevant.

Signed consensus documents that everyone can globally verify are the
best way we know of to "take this matter seriously".

Mike Perry

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list