[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] "Potentially dangerous relay groups"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Personally I like what Petrusko provided the most
> In torrc, an idea...??
>
> *MyFamily http://mydomain.org/myfamily.txt*
the list being a plaintext file of fingerprints seperated by newlines,
and if the server having that family list is not in that mentoined
family list, it's not authorized to be in that family.
Altho this will create an overhead of making a new http request when
looking for an Tor node, which may be a problem. it actually isn't
possibly at all without leaking the real IP to said server, or someone
needs to be more creative then me :s
But on the other hand, if you run more then 4 nodes, just let puppet
or any other system managment tool fill in the MyFamily field,
shouldn't be that hard imo
On 09/28/2016 02:44 PM, Random Tor Node Operator wrote:
> On 09/28/2016 02:01 PM, Chad MILLER wrote:
>> So? A relay can always have behaved badly. What's the harm in
>> you fraudulently claiming to be in family com.example.chadmiller
>> ? A user's path won't have passed through both you and me, but
>> you could have prevented traffic from passing through you any
>> time. At worst, you get to participate in a user's path and
>> exclude me from participating. That's no worse than you setting
>> your machine on fire and me participating.
>
> 1) Bad actor sets up a bunch of relays fraudulently joining the
> majority of other relays. 2) Path selection of clients will now
> effectively prefer the bad actor's relays on which he performs
> eavesdropping, traffic analysis, or other nasty things.
>
> The bad actor could also leave a few of his bad relays without
> family in order not to uncover himself so easily.
>
> I am in favor of a scheme where the process of joining a family is
> authenticated.
>
>
>
>
> _______________________________________________ tor-relays mailing
> list tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJX677wAAoJEE6fMe4ysJ7McdUH/1TzCArbxb0kZ1SDwc1P01LE
5bWvTtFj++C3PqcDzeiN3UrzVwm1AtJLa5pW3yZlAorgHksL98oX/om4EY2DKptz
IpEreQeobE/bd6c9Klhjc+FwVwW6Lb3D61KbeZkxE9+nyXrMjWUS8Nws0REZgKhc
IW6Q6kmuBt48yudbTm/dBAYPPND290ebGDuF7EDhsS9shx3+SxchuXYapwh8S1Xi
mZENyKDqxxcZT/8Ua7xMTreOzFFfscpcbFBnsKCbMjqJg0/bGKENyASoNJVQha7t
xmd5dL4fLyLrDlsi3AK4IVFCuWp3rsFpZZJ5An4FPHUe6NBSAX7pbfRko0cmq/E=
=Xptb
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays