On 04/04/2017 12:50 AM, Nick Mathewson wrote:
> On Mon, Apr 3, 2017 at 8:20 AM, George Kadianakis
> wrote:
>> Nick Mathewson writes:
>>> Section 2.1 and elsewhere:
>>>
>>> I suggest that we require all address suffixes to end with .onion;
>>> other
Hi all,
Our proposed defenses (Counter-RAPTOR) against active routing attacks on Tor
will soon appear at IEEE S in May. It's also available here:
https://arxiv.org/abs/1704.00843
In short, we have two lines of defenses:
(1) Entry Guard Selection (proactive defense,
Hi Nick. Just a quick note that something I've wanted from time to
time is a 'make the control port read-only' option so only GETINFO,
GETCONF, events, etc would work. Yes, these could be used to
deanonymize a user, but it could provide assurance the controller
doesn't tamper with tor. This has
On Mon, Apr 3, 2017 at 6:39 PM, dawuud wrote:
>
>
> It's worth noting that controllers able to run SETCONF can ask the tor
> process to execute arbitrary programs:
>
> man torrc | grep exec
>
> So if you want a controller to have any less privileges than the tor
> daemon