On Fri, 19 Nov 2010, Theodore Bagwell wrote:
On Fri, 19 Nov 2010 08:11 -0500, "Paul Syverson" <syverson@xxxxxxxxxxxxxxxx> wrote:Your reactions are good. It's just that many people have had the same reactions so we've explored this, and nobody in all of the research done has yet produced a viable version of what you suggest.The nature of the attack outlined in the paper is expensive. The paper suggests rapid deployment, collection of data, and undeployment. The longer the interloping system runs, the more it costs.
I don't think it sounds expensive at all - I suspect a private individual could ramp this up for $10k per month or less. It's not chump change, but it's not exactly at the nation-state level either...
(I am thinking of Amazon EC instances, etc.)
Perhaps, at a network level, we can detect a sudden massive deployment of ORs and mark them as suspicious? Or, as mentioned earlier, we can assign an OR a level of trust commensurate with its age? (Admittedly, this may increase security at the expense of delayed benefit of new ORs)
Isn't this problem an obvious "web of trust" application ? Can't this be solved by a pgp-style web of trust ?
I don't like the idea of solving it this way because I rather like running my tor node(s) in complete anonymity, so it's not something I necessarily want to be involved in ... but theoretically, that would solve it, no ?
*********************************************************************** To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/