Hi! On Sun, Jul 14, 2013 at 1:15 PM, Ralph Holz <h...@net.in.tum.de> wrote: > Ah, I see. I was thinking more along the lines of "how do I make sure I > am not accidentally speaking to the censor himself?". As that would be > as harmful as not being able to speak at all.
Not necessary, if you still have end-to-end encryption. So transport layer should just assure transportation. > BTW, how do you propose to make Sybil nodes "impossible"? I don't. I am just making an argument, that maybe there is some way we (or I) don't yet know which would allow us to don't have to trust other nodes with anything else that they forward the packet. And if they don't, we can maybe detect that and remove them from the routing path. So at the end maybe it is not even important if Sybil nodes are possible or impossible. You just care if they forward the packet. If they do, this is it. If they don't (from whatever reason, being malicious or just malperforming), you route along that, no? But to be able to route around, you have to be able to have multiple paths. >> So yes, while we currently don't know how to do such a network without >> being sure to who you are talking, I am wondering if there is some >> proof that we will never be able to know how to do that? So is there >> some inherent property which would as a consequence show that we have >> to trust somebody ultimately? (Maybe we have to trust them just >> partially, or just for a short periods of time, or maybe with some >> probability we can get "good enough" performance.") > > I am not so sure I understand what you mean, I am afraid. But generally > speaking, it is very hard to quantify 'trust'. There is a host of > literature on that, with trust metrics etc. I don't know much about > that, except that I don't see it used anywhere. I was just saying that saying "you need somebody you know and trust in the network" implies one of two things: - we currently don't know how to do it otherwise, or - it is known that it is so and it will never be possible to do it otherwise (and is there a proof for that?) > Although, if I were the censor, I'd go and censor the underlay. Do DPI > on IP level and throttle (not block) by dropping 80% of all TCP > segments. Just enough to let TCP retransmit all the time. Tor has been > attacked (not throttled, blocked) that way on several occasions. I > expect Jake and Roger will tell us more about that when they give their > next talk. :) Yes. :-) BTW. The issue I have with "you just have to make a security decision who you trust" and then everything will work is that we have for quite some time very good and secure systems, where the only decision you have to do is a such one. And they fail again and again because people are very bad at determining this (phishing, for example). So saying that this is the only thing they should do for me is already a bit too much. We should find ways to make such decisions easier (in the browsers, we display warnings - and they are still not working always). And with schemes where your security decision does not just impact you, but also everybody else down your routing chain, this is even bigger problem. Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
