[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] MyFamily requires a mutual agreement



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> This makes for an interesting counter-example: if the MyFamily 
> declaration was used as reason for setting BadExit on related
> exits, a malicious adversary could set their MyFamily to the same
> as a good exit cluster, and then intentionally behave badly, in
> order to get the good cluster flagged as BadExit.
> 
> My point is, the MyFamily declaration is completely
> unauthenticated, and cannot be relied upon for anything more than
> providing contact information. There is a newer iteration being
> discussed that would prevent relays from joining families without
> permission, but then a malicious exit provider would have even less
> motivation to set it up.

Since MyFamily declarations have to be mutual to actually build a Family
group, your described attack scenario does not work.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVPQsBAAoJEFv7XvVCELh0vqMP+wQZMKcUT1glEMNZ9cjnFHYJ
Xe88I8SBfLUm3+cRIMaxDkA+92X7UqDbB30tL65WsDOq4IQVHeVqT9NeR/b4aPAP
Yabb2SBsiOIqYW1V4E92OdxiW7oUHeG7hGd1BCis8AE7dY/D8UQ5etvQEqKw3oTE
wQHtcCO6kLDbACGe8l0cUmJNL1Qb4dHEfupP11wCdics9PW7HAF6xvW8jgaOT5bK
aVjmMuKCIGwIOU/9gPgLVY+bqX+ORnR12iGUlpsWJrkXEumG+ZMW8H2Jn7p43ALc
7Syf+pLNN0HeG8PrbXR3opmY9TPnw+0W0SKsHskbH1aAxzxNrXuw2YXb4yyg8grf
bnwOtcYGVNiShHMGOx9cvncnLfSXBZs9FqAaZVKRzhPUlK5tbvtBHh2aLXu6TlJC
hiQgPQOjUHRwbEeCL0RO3KTIlHaoMZbjEO2kWbFDh4bgWdFJglCv57FVVplIIjq0
3ogP719jN1NNyebX8CJ6OIyWH+id9y6ghARmnvHcRGu3c3f+G2OtokpwKiC/pm07
+jx6IeHh7get/L+Qh7tXDnKrrAU4YwCoSO50BOmgtf7Gxt2NIBX2A8L/z70BNOiK
WpM0bbmQUiNJKmE2skS8REEQ+rQiOv3rh/Fu8Qo09gZngZH1FHHd8rwclJEkNy8e
wlUP/tWDLHrrevcMdrB/
=rJDh
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk