[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Setting up private Tor network with the real one
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Setting up private Tor network with the real one
- From: "Michael_google gmail_Gersten" <keybounce@xxxxxxxxx>
- Date: Fri, 7 Sep 2007 11:22:42 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 07 Sep 2007 14:22:51 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=sWVaJlmo4Omb9KoGASBc+OEqric7q+l6GO3C8UpXzjc=; b=K7iNbgnq/f+vYdRuwQoXTalgohMRjfhj6d/m10Ibbxmk54ee5JJN0JP0aklqZPkxhHjyHTsPKiiWrHd1i4Sb5IPwGlG1n3LRvhCW9gHgdx63WsZSm3CrGb3ccPEa9WYisyZpH1yx5yLpImPzuvEt3cZbZad1GPuN+i4iMSZ+Gr8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=sF9ZPaC9Udsv42j6SHZN4IbA9HdTLBuyxSw0Ohkwco3RYOHLyTrSPcxSnlNTzEfIz27HnK5Ketz1DAmMR+WlNeEuNXv6JksjhMl0owU2b7mWemgousa9KJQDN4YWjoAdwzC0flSVX2LcVLmI77oKI9xO8yAcqn32WIuYoU46l2k=
- In-reply-to: <983ce21c0709070640l735bc5d1kb2c6ddbe34df2925@xxxxxxxxxxxxxx>
- References: <983ce21c0709070640l735bc5d1kb2c6ddbe34df2925@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
In general, you can't, and don't want, different directory servers
telling you about different nodes. Imagine what would happen if one
directory server was compromised, and told you about a set of attacker
nodes.
Now, one place where this setup becomes interesting is if you have a
separate network -- either the corporate internet, or some variation
of IP V8 (maybe a very large ISP, like China, decides to use their own
network numbering with a translating boarder). Then, you could have
two sets of directory authorities, for two sets of destination IP
ranges -- one set of directory authorities for these IP's, and a
different one for those IP's. Then, you might wind up building two
tunnels, one to get to the gateway, and a second to traverse the
second network on the other side.