RE: FW: I still do not understand...
Thanks for the additional explanation. -Manuel
> -----Original Message-----
> From: owner-or-talk@xxxxxxxxxxxxx
> [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Roger Dingledine
> Sent: Wednesday, May 25, 2005 20:40
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: FW: I still do not understand...
>
>
> On Wed, May 25, 2005 at 02:44:46PM -0700, admin wrote:
> > Why do exit nodes have to be published? Why does the address of *any*
> > node have to be published? Is this an inherent property of the design,
> > or just an implementation shortcoming?
>
> It is an inherent property of the design that clients need to know where
> servers are in order to use them.
>
> There doesn't have to be a central directory, and it doesn't have to
> always contain all of the servers, but in order for clients to use the
> network they need to be able to learn about many of the servers.
>
> And the adversary can be a client too, and learn about many of the
> servers. We can't stop that.
>
> So, we might as well make the engineering easier and centralize some
> parts of it. This also improves our anonymity properties against certain
> attacks like the Sybil attack.
>
> Our stock answer for this is here:
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhyBlockable
>
> > The current implementation is too easy to censor.
>
> Peekabooty and other systems had designs that aimed to give only a few
> IPs at a time to clients, so they couldn't map the network. I never saw
> the specification, so who knows, but I think this is a hard problem.
> Feel free to solve it for us and let us know how to do it. :)
>
> > At least leave it up to the local node. Make an unpublished / unlisted
> > option just as in pots, and not for testing purposes.
>
> You're free to run an unlisted node. Add
>
> NoPublish 1
>
> to your torrc, and it won't upload your descriptor to the central
> dirservers. Then clients can get your descriptor out-of-band, import
> it via the controller interface, and use it however they like. Heck,
> you can even go a step farther and specify your own dirservers. Or use
> the three that we provide plus a fourth sekrit one. Tor aims to be a
> unifying protocol, and people can build whatever topologies they want on
> top of it. We also happen to provide one such example topology currently.
>
> --Roger
>