
RE: FW: I still do not understand...



Thanks for the additional explanation. -Manuel

> -----Original Message-----
> From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Roger Dingledine
> Sent: Wednesday, May 25, 2005 20:40
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: FW: I still do not understand...
> 
> 
> On Wed, May 25, 2005 at 02:44:46PM -0700, admin wrote:
> > Why do exit nodes have to be published? Why does the address of *any*
> > node have to be published? Is this an inherent property of the design,
> > or just an implementation shortcoming?
> 
> It is an inherent property of the design that clients need to know where
> servers are in order to use them.
> 
> There doesn't have to be a central directory, and it doesn't have to
> always contain all of the servers, but in order for clients to use the
> network they need to be able to learn about many of the servers.
> 
> And the adversary can be a client too, and learn about many of the
> servers. We can't stop that.
> 
> So, we might as well make the engineering easier and centralize some
> parts of it. This also improves our anonymity properties against certain
> attacks like the Sybil attack.
> 
> Our stock answer for this is here:
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#WhyBlockable
> 
> >  The current implementation is too easy to censor.
> 
> Peekabooty and other systems had designs that aimed to give only a few
> IPs at a time to clients, so they couldn't map the network. I never saw
> the specification, so who knows, but I think this is a hard problem.
> Feel free to solve it for us and let us know how to do it. :)
> 
> > At least leave it up to the local node. Make an unpublished / unlisted
> > option just as in pots, and not for testing purposes.
> 
> You're free to run an unlisted node. Add
> 
> NoPublish 1
> 
> to your torrc, and it won't upload your descriptor to the central
> dirservers. Then clients can get your descriptor out-of-band, import
> it via the controller interface, and use it however they like. Heck,
> you can even go a step farther and specify your own dirservers. Or use
> the three that we provide plus a fourth sekrit one. Tor aims to be a
> unifying protocol, and people can build whatever topologies they want on
> top of it. We also happen to provide one such example topology currently.
> 
> --Roger
>