[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Why make bad-relays a closed mailing list?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

>> What would be the catch with making these reports and discussion
>>> public? Would it help bad actors? They will eventually find out
>>> about the consensus changes anyway, no?
> I think we need to distinguish between the report and the
> discussion. Ultimately, a report that is acted upon *cannot* remain
> secret.  As soon as a relay gets the BadExit flag, the operator can
> figure out that they got caught.  As a result, I believe that the
> mere fact that a relay was blocked (via BadExit or reject) can be
> published.  There is an ongoing discussion if we should do that.
> 
> The discussion of observed malicious behaviour, however, can give
> the attacker a lot of knowledge which they can exploit in order to
> evade detection in the future.  Consider, for example, an HTTPS
> MitM attack which targets a small number of web sites.  If somebody
> reports only one of these targets, the attacker can spawn a new
> relay after discovery and simply reduce the set of targeted sites
> in order to remain under the radar.  This seems to be an uphill
> battle and it's difficult to have full transparency without giving
> dedicated adversaries a big advantage.

You might find the proven approach used in other areas (security bugs)
a viable option:

Keep the discussion private until a decission has been reached, make
it (the discussion) public once the report has been closed (whether
with or without a flag or reject entry).

This allows for transparency while at the same time shouldn't
interfere with ongoing investigations.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT2pdXAAoJEDcK3SCCSvoedmcP/jHkpAl9BrMmDGyFANWZyq0P
LHE83kCDHp52aGlLW46thjX0W9XEGaPM+bEjyuadL1wQZ6xCqzjqNz+onUP0Ry8y
Zr4mHJcWNQHHuRymFOBFmPyQcgaR633ZCbOLfluVWTyj5KGRgqDv3oXm9saz/T5M
CQr3SPsBtvPToPRgUHr0iUMBpy1L10IX8vcfwQXlk6gchQFP6sNdvWo/uUQB2Q4Q
zX8OPNVZPogBBMcrJ0LFMw1J+cCKwIddgp2vdE7HIoxOTWGF9EpBIGf5kWwoiFV0
tMFT1CmAID5qSYb3FXyh0WqjIueFcQypiD+WJNgMrFTG6RGx8dyp+oYiVucvg0o1
STWJrk2mGWj6NlBnCnDCvey1tE63wT3gYvnT5I1czNotTunWgPwwvlUd778AkbFz
YccPGuReELp29jyn5VjjwL3SmRzbjsaB/kFzUi2zLXc5xZtJ6ZkbayGt/rSNnjwS
2bjsGievaaG2oMMdTQAzG5daYlO52W6FKfgp8Ee6q8hh9D9dxb04TDA3hT7fLqYA
yiklsq0e+xs1qsgIgUJMNji8JvqNy17VecK3MG3DqbeeGNZBr2BaTynFwGGu4KMI
IyvW++I5p5C4tT40QAn+56nPixKW/4cTD+W6Wprw0Ff7jC6HyFz5RyJBpiyMnxkn
epZtvx0krEpg/0zQ3knL
=lXAd
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk