[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Control Spec Addition First Draft

To: or-dev@xxxxxxxxxxxxx
Subject: Re: Control Spec Addition First Draft
From: Sebastian Hahn <hahn.seb@xxxxxx>
Date: Thu, 4 Mar 2010 03:52:20 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Wed, 03 Mar 2010 21:52:56 -0500
In-reply-to: <b89309181001231658p1e8ffd0bt1f8b9008996f3545@xxxxxxxxxxxxxx>
References: <b89309180912122024pcbf2febt2cfc11da76192471@xxxxxxxxxxxxxx> <b89309180912161824y536c711do8a1ea80e76bd8cf@xxxxxxxxxxxxxx> <4FC800DB-DBBF-4D72-BC76-2A3BA4C17C7D@xxxxxx> <b89309180912201424k54506ab6yc477bf67a798ae0b@xxxxxxxxxxxxxx> <b89309181001231658p1e8ffd0bt1f8b9008996f3545@xxxxxxxxxxxxxx>
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx

Hey,

my comments inline below.

On Jan 24, 2010, at 1:58 AM, Damian Johnson wrote:

Hi all. This proposal doesn't seem to be going anywhere so thought Ishould give it one last nudge before moving on to more worthwhilework. The issue's sticking point seems to be a difference of opinionabout what constitutes relay evilness. Nick, Jake, and Sebastian allbelieve in a hard line stance against any retrieval of connectioninformation (netstat, lsof, etc). I disagree, and think this isharmless unless stored or communicated. Unless this can be resolvedI think it's obvious the proposal isn't going anywhere.
Please note that I'm discussing relay to relay connections at themoment. If we can't even agree on that then client and exitconnections are a moot point (and besides, I agree they shoulddefinitely be hidden from relay operators - personally I think it'sthe responsibility of client applications like vidalia and arm toscrub this data, but that's a different discussion...).

This seems to change the original intent of the proposal, which was(afaiui) to get a listing of all connections from Tor. I wouldn't minddoing that at all. It does, however, depend on the implementation ofproposal 163 (detecting clients), because otherwise Tor itself cannotreliably differentiate in all cases.

Just to be clear I agree this proposal should be killed if it posesa threat to Tor users. However, I don't believe it does and stillhave yet to hear an example of any sort of threat it aggravates.Without that I'm a bit puzzled at the source of objections. If thechief issue is legal or not wanting to risk the appearance ofsupporting snooping that's fine (strikes me as political posing ifthere's no actual benefits to users, but cest la vi).

If you change it to be explicit about the fact that you do not want toshow exit/guard connections, I think this would be ok. It needs to beactually spelt out, though.

My bias is toward safety for relay operators and I'm glad to seeothers biased toward user privacy pushing back. Hopefully we'll beable to find something acceptable to all parties concerned but ifnot it won't be the end of the world. Cheers! -Damian

Just to see if others are interested in moving this along, or ifeveryone wants to kill it.


Sebastian

Follow-Ups:
- Re: Control Spec Addition First Draft
  - From: Damian Johnson

Prev by Author: Re: Proposal idea: User path configuration
Next by Author: Proposal idea: User path configuration
Next by thread: Re: Control Spec Addition First Draft
Index(es):
- Author
- Thread