On May 20, 2010, at 08:39 AM, Flamsmark wrote: > On 20 May 2010 07:44, <and...@torproject.org> wrote: > If Mallory lists Alice > and Bob, but neither Alice nor Bob list Mallory, it's not a valid > Family. Otherwise, Mallory could list every node in the network and > screw everyone. > > Why would this screw everyone? I admit that I don't fully understand how > families are implemented, however, this doesn't seem sensible to me. Under a > scheme which allowed ``one-sided family declarations'' this doesn't seem to > be the ideal behaviour. If Mallory lists all the nodes in the network, then > this should prevent all the paths which have Mallory somewhere in them, but > not paths which avoid her entirely. An aggressive family declaration by > Mallory only prevents her from getting traffic, without impacting the rest of > the network.This would seem to be the only sensible way to implement > ``one-sided family declarations'', to prevent exactly the problem described.
The problem I see with this is that it requires some foresight and backtracking in the creation of tunnels, which will add to network strain, unless someone can suggest a way to plan out the tunnels ahead of time.