[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] design for a Tor router without anonymity compromises



On 5/3/15, intrigeri <intrigeri@xxxxxxxx> wrote:
> ...
> Just to clarify, the threat model explicitly doesn't include "Attacker
> is able to reconfigure Tor on a client system to use an arbitrary set
> of bridges", right?

correct.

neither bridges nor pluggable transports are supported. i have added a
FAQ entry for this. thanks!

in the future, it would be useful to have a way to securely distribute
bridges or obfuscated proxies to trusted user on the local network.
however, this is not a trivial task, and you'd want to avoid
compromising all of your bridges at once if a failure occurs.


last but not least, if your attacker is coordinating the attack over
Tor, obviously this cannot be thwarted at the local network level by a
Tor router device. host security is critical, even with a Tor
enforcing router as backup. that's a longer subject i need to think
about more before writing anything useful.


best regards,
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev