[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ultimate solution

On Sat, Mar 24, 2007 at 11:34:47AM -0400, Freemor wrote:
> On Sat, 2007-24-03 at 08:52 -0400, Paul Syverson wrote:
> > On Sat, Mar 24, 2007 at 12:50:15AM -0400, Freemor wrote:
> > > 
> > > P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> > > That just snuck in there as I deal with computer security regularly and
> > > often see the same "the computer/internet/isp/mysterious someone" should
> > > take care of that for me mentality.   
> > > 
> > 
> > I don't understand this statement. Tor was reasearched and developed
> > by and for the US DoD as an onion routing project, the explicit purpose
> > of which is security for DoD and other communications:
> > traffic analysis resistance, DoS resistance, personnel protection,
> > etc.
> > 
> > -Paul
> I can see your point and TOR does have some security applications if
> used in properly and with those goals in mind. (i.e. only connecting to
> https or other encrypted endpoints). The main goal of TOR is clearly
> anonymity. If the main goal was security having data leave the exit
> nodes in the clear would be a definite no no. I was also just being
> clear that I did not think of TOR as a
> firewall/antivirus/anti-malware/etc system when I used the term
> Security. 

I'm even more confused. Are you saying anonymity is not a security
property? By "security" are you limiting yourself to confidentiality?
There are many aspects of security, rarely all addressed at once by
any system. One of these is anonymity, which is why one finds
anonymity as a listed topic in the CFP of virtually every major
computer security conference.