Re: Some simple changes to the tor architecture I believe may greatly improve it (errata)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Some simple changes to the tor architecture I believe may greatly improve it (errata)
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Mon, 15 May 2006 14:24:38 -0700
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Mon, 15 May 2006 17:24:41 -0400
- In-reply-to: <4468A6BD.2090507@ml1.net>
- References: <4468A39C.2080105@ml1.net> <4468A6BD.2090507@ml1.net>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
While this seems good for lots of circumstances, you have to realise that this does stop people from using sites that use IP address authentication or require you to re-login every time you change your IP. Perhaps this could be an option provided in a checkbox?
On 5/15/06, glymr <glymr_darkmoon@xxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I forgot one extra idea - that of generating a number of different
circuits to be used at any one time (generation could be spaced say 5
minute intervals by the client, circuits more than 4 or maybe 5
generations back could be expunged in a fifo type arrangement) that,
whenever possible will select a random route to establish any new
connection from one of the number of circuits that are built. The
purpose of this specifically is to address the reduction of timing
attacks that are possible against a website - if the client sets up say
3-6 different circuits to retrieve the various different components of a
web page, each circuit will have a different time signature (due to the
vicissitudes of the network) and will make it harder to definitively
establish the origin. (and of course every node being both client and
server further obscures this)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
iD8DBQFEaKa9GkOzwaes7JsRAw1WAJ4w6ksGA9bub++V4DUbPWGR84ATTwCffqPg
lhdTd8Jzh9YZTa8Ukhbkq/8=
=sPG/
-----END PGP SIGNATURE-----
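
The scheme discussed in this thread, as an added toy model that is not part of either message and is not Tor's code: a FIFO pool gets one new circuit every 5 minutes, each new connection picks a random pooled circuit, and `pin_hosts` models the opt-out suggested in the reply. All names (`CircuitPool`, `pin_hosts`, `circuits_seen`) are hypothetical, and circuit ids stand in for distinct exit addresses.

```python
import random
from collections import deque

class CircuitPool:
    """Toy model: one new circuit per interval, oldest expunged FIFO."""

    def __init__(self, max_generations=5, build_interval=300,
                 pin_hosts=False, seed=None):
        self.circuits = deque(maxlen=max_generations)  # FIFO of circuit ids
        self.build_interval = build_interval           # seconds (5 minutes)
        self.pin_hosts = pin_hosts                     # the opt-out from the reply
        self.pinned = {}                               # host -> circuit id
        self.rng = random.Random(seed)
        self.next_id = 0
        self.last_build = None

    def tick(self, now):
        """Build every circuit that is due at time `now` (in seconds)."""
        if self.last_build is None:
            self._build(now)
        while now - self.last_build >= self.build_interval:
            self._build(self.last_build + self.build_interval)

    def _build(self, when):
        self.circuits.append(self.next_id)  # deque drops the oldest when full
        self.next_id += 1
        self.last_build = when

    def pick(self, host, now):
        """Return the circuit id to use for a new connection to `host`."""
        self.tick(now)
        if not self.pin_hosts:
            return self.rng.choice(list(self.circuits))
        cid = self.pinned.get(host)
        if cid not in self.circuits:  # not pinned yet, or pinned circuit expunged
            cid = self.pinned[host] = self.rng.choice(list(self.circuits))
        return cid

def circuits_seen(pool, host, times):
    """Distinct circuits a single site observes for connections at `times`."""
    return {pool.pick(host, t) for t in times}

if __name__ == "__main__":
    session = range(1200, 4800, 90)  # constructed: one request every 90 s
    for pin in (False, True):
        pool = CircuitPool(pin_hosts=pin, seed=1)
        pool.tick(0)
        print("pin_hosts =", pin, "->", sorted(circuits_seen(pool, "example.com", session)))
```

Even with pinning, a site sees a new circuit once the pinned one is expunged, so a session that outlives five generations still changes address at least once.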