[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Version checking (was Re: 25 tbreg relays in directory)



Tripple Moon wrote:

> IMHO, all and i mean *all* modifications of the original code and/or design should be committed to the development-tree, that's how things get improved and fixed etc by the community that maintains the development of the project.

The problem with your logic (leaving aside the questions of whether it
is desire or doable) is that it is *source* code that gets committed to
the development tree, but you are wanting to authenticate against
*object* code (at least that's what it used to be called), i.e.,
binaries.  If there were a way to authenticate against *source* code
(yeah, right) then your plan might be doable, even if not desirable. 
But when I compile my code (and I do), the resulting binary is dependent
on the particulars of my system.  I suspect if I compiled it on two
different machines (and I have) I would get two different binaries even
when I start with the same source.

> If the tor application wont get means to authenticate itself's
internals, then im afraid (IMHO) we will be looking at a future with
*many* independent tor networks who are not connected to each others
cloud because of differences...

The need is for the code to be interoperable.  Interoperability is a
much lower threshold than authenticating binaries people run. 
Presumably your desire to authenticate stems from lack of trust -- i.e.
fear of an attacker.   But attackers are (or can be) clever and I don't
think that even in *prinicple* you can reliably authenticate w/o
requiring things that would destroy anonymity.  That is, before you can
trust me, you have to know who I am (with certainty) and what I am
doing.  If you don't know who I am I can tell you anything I want (such
as what binary I'm running) and you won't know the difference.