> [snip] > The trouble here is that if we make family declarations one-sided, then > I can tell everybody that I'm in blutmagie's family (and X's family and > Y's family and Z's family and ...), and suddenly I'm influencing the > path selection of other clients in a way I shouldn't be able to. > > We need to have each set of relays in a family declare the others, > or it's open to attacks like this. Could there perhaps be some way of making a private key of some sort for a family? i.e instead of listing all the members of a family on all nodes and having to update them all the time, one could.. make a private family key and copy it and put it in the config of all nodes in the family?
Attachment:
signature.asc
Description: This is a digitally signed message part.