On Thu, 30 Apr 2009 16:59:58 -0400 Andrew Lewman and...@torproject.org
wrote:
On Mon, 27 Apr 2009 23:57:17 -0500 (CDT)
Scott Bennett benn...@cs.niu.edu wrote:
In general, these options seem a fine way to partition the tor
network. Possibly more so for new releases and arbitraging the time
during which clients and relays upgrade. Tor clients already don't
Well, the developers themselves did that a while back when they
cut off the non-V2Dir-capable clients and servers, right?
trust the relays. The risk is possibly more to the relay operator than
How so? Does a client refuse to use a relay whose version is not
in the server-versions list distributed in the V3 consensus documents
or the V2 status documents?
the tor clients using their relay. It's their OS in most cases that's
at risk, not so much the Tor network.
b) tor clients will not choose relays whose versions do not
match a version listed in server-versions when choosing routes for
circuits. This could be implemented as additional code in
circuitbuild.c or it might be implemented more simply by having the
authorities refuse to give a Valid flag to such relays.
An option to allow your client to only select from a list of relays
running a version as agreed by the DA's as recommended seems the better
of your a vs b.
Well, yes, I thought quite a while before suggesting a), but also
realized that there can be quite a long delay and upheaval involved in
a change to the directory standard and protocol, so I suggested the use
of b) in the interim. Suggestion a) is, in the long run, a better approach.
We should stop talking about making the relay trust the client. I
don't think implementing a DRM scheme serves Tor in any way. If you
That was not me, FWIW. However, I did suggest that a client not trust
*itself* if its own version were not listed in client-versions in the V3
consensus or the V2 status.
think of Tor like TCP, then the whole discussion gets silly. Tor is an
anonymizing protocol on top of tcp/ip, for now. Hidden services and
Right. It would be good to have an SCTP implementation of tor someday.
such are example applications that use Tor, the protocol.
Roger and I have had conversations about this thread in taxis, train
stations, and the like as we've been traveling. I'm sure he'll comment
My goodness! I had no idea that it would really generate much interest
among developers. I only hoped so.
at some point.
I predict that will interesting. :-)
Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet: bennett at cs.niu.edu *
**
* A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army. *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**