[tor-dev] Much-revised draft, RFC: removing current obsolete clients from the network

[Spencer <spencerone@xxxxxxxxxxxxxxx>]

Hi,

> Nick Mathewson:
> I should try to clarify!

Awesome!

> questions don't seem to apply to proposal 266

They are about the central control of a [somewhat] distributed network, 
specifically, the execution of clients on behalf of the operator.

So, #264 & #266.

> I've tried to split the first version of the
> proposal into 2.

I understand the proposals as:

> > prop#264 is for how things _should_ work ;
> > prop#266 is what we do in the absence of
> > client-side support in existing Tor versions.
> >
> > anybody who doesn't know how to die via prop264
> > will be killable in whatever way we choose for prop266.

And would recommend the titles [though obviously not as relevant as the 
contents]:

'How to ensure client death'

'How to kill clients that wont die'

> I'm not aware of anything published.

Bummer ):

> reasons:
>
>   1) A non-updated Tor is insecure.
>   2) the bulk of [some older] deployed versions appear
>      to be defunct botnets
>   3) [Depreciated] features

Word.

> impact is so large it requires this level of action

Where can this impact be studied?

Given there is no research, there must be a way to visualize the impact.

> Windows XP clients still running today, making the
> internet less secure.

Business clients pay money to keep MS supporting XP systems, though that 
doesn't weaken the internet as a whole.

> every current Tor MAY eventually prove so broken it
> needs to go away

Word.

It feels like a decision that the operator should make but I kind of see 
the issue with abandoned clients.

The poison consensus seems fun.

Thanks for taking the time to write, it means a lot (:

Wordlife,
Spencer



_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev