[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: FW: I still do not understand...

On Wed, May 25, 2005 at 02:44:46PM -0700, admin wrote:
> Why do exit nodes have to be published? Why does the address of *any*
> node have to be published. Is this an inherent property of the design,
> or just an implementation shortcoming?

It is an inherent property of the design that clients need to know where
servers are in order to use them.

There doesn't have to be a central directory, and it doesn't have to
always contain all of the servers, but in order for clients to use the
network they need to be able to learn about many of the servers.

And the adversary can be a client too, and learn about many of the
servers. We can't stop that.

So, we might as well make the engineering easier and centralize some
parts of it. This also improves our anonymity properties again certain
attacks like the Sybil attack.

Our stock answer for this is here:

>  The current implementation is too easy to censor.

Peekabooty and other systems had designs that aimed to give only a few
IPs at a time to clients, so they couldn't map the network. I never saw
the specification, so who knows, but I think this is a hard problem.
Feel free to solve it for us and let us know how to do it. :)

> At least leave it up to the local node. Make an unpublished / unlisted
> option just as in pots, and not for testing purposes.

You're free to run an unlisted node. Add

NoPublish 1

to your torrc, and it won't upload your descriptor to the central
dirservers. Then clients can get your descriptor out-of-band, import
it via the controller interface, and use it however they like. Heck,
you can even go a step farther and specify your own dirservers. Or use
the three that we provide plus a fourth sekrit one. Tor aims to be a
unifying protocol, and people can build whatever topologies they want on
top of it. We also happen to provide one such example topology currently.