Re: [tor-dev] Update of prop#250: Random Number Generation During Tor Voting

Subject: Re: [tor-dev] Update of prop#250: Random Number Generation During Tor Voting

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Mon, 2 Nov 2015 17:30:16 +1100

Delivery-date: Mon, 02 Nov 2015 01:30:36 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to; bh=DNXcp1ShuCSDlV+KgRzRnRYMPLtIpSfe1WVSros2qcM=; b=wrsAdof8XonqE6YIV+koRBfW5z/cZJ2KAP2W8CdBuTBO61rmUlxoMz+UqXno/kRk1t 7Bi0wvdwsWMU908ba/YpBDn6bOK8LZQCah70Qj8sMLTDiBLRjkJvgma9A4TDS5Y4hSxG KL2LfjtBXA4H5aqVfXaYe9JBBnwDSvqz4nb8qTL2Jr7FOr+NWUlVztK4HAql33pbtzwF uBRbfrA/X9Sg4zRfQjEGCTXZeWBxI1eGqO3lx/kp8mKlwRkT42fF/maO2E2CQyAK4xtI /Q4Hc4zioc+3kccFJdzvhBSUkDKUorTwLIwGa6YctNpXQS/QySyo09n1HC9Nn5XFKKIS ryKg==

In-reply-to: <87bnbga1rp.fsf@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <mailman.958.1446056811.3006.tor-dev@xxxxxxxxxxxxxxxxxxxx> <5631466A.7090103@xxxxxxxxxx> <87bnbga1rp.fsf@xxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 31 Oct 2015, at 01:07, George Kadianakis <desnacked@xxxxxxxxxx> wrote:

Jesse V <kernelcorn@xxxxxxxxxx> writes:

David,

I'm in the midst of reworking my OnioNS design around prop250 (and the security
analysis therein) and as far as I can tell these changes make sense. I like the
00:00 -> 24:00 change as it's more intuitive as you said. I was at first very
concerned that you removed the majority requirement as that is the assumption
made during consensus generation, but I think your argument for the new conflict
resolution make sense. I'm excited that the implementation is nearly complete
and I look forward to seeing it in Tor infrastructure!

Hello Jesse,

thanks for the feedback. Any opinions on whether we should keep the conflict
lines or forget about them, based on David's email and my email?

I just estimated that removing the conflict feature will kill about 400 lines of
code, which is always nice :)

I'm in favour of moving the conflict feature to DocTor or something similar.

Any adversary who can break shared randomness is likely to also be able to break the entire consensus.

And the consensus is a high-value target, whereas shared randomness isn't (yet).

Therefore, I think we could treat any conflicts as bugs or misconfigurations, report them via IRC and a mailing list, and then deal with them on that basis.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev