True, but unless one family controls a large part of the network (which is bad even with the current system), this is barely worse than an attacker flooding the current network with new relays in a family. I believe what you describe is possible in the current system as well. The only thing I can imagine that would make a "FamilyName" system problematic would be if a lot of people left a default or something like "FamilyName family". On 07/22/2015 04:33 PM, nusenu wrote: > > >> Out of curiosity, what is the need for ensuring a node cannot be >> put into a family without its consent? What would be wrong with, >> say, a FamilyName directive? Set the same FamilyName on each node >> you control, and routes will avoid multiples. > > That would give an adversary the ability to reduce the likelihood of > your relays being chosen in a path by adding many relays to your > family (without requiring your consent).. and probably many other things. > > > > _______________________________________________ > tor-relays mailing list > tor-relays@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays