Dear operators,

please don't generate your torrc MyFamily configurations
based on untrusted input.

I think it is a *bad* idea to modify tor configurations
based on other people's descriptor data
*especially* if anyone is going to run this automatically.

Please use ground-truth to generate MyFamily sets otherwise
we can no longer even trust MyFamily sets.

That said if you trust onionoo, you might be able to build onionoo
search queries that are NOT vulnerable to random people injecting
themselves in your MyFamily set. 

Examples:
- you run your own AS and all servers in that AS are under your control 
(parameter: as)
https://metrics.torproject.org/onionoo.html#parameters_as
- all your relays are under your own DNS domain and only you can generate DNS A 
records for that domain
and [1] is implemented
(note: these onionoo fields appear currently somewhat broken)

Ideally the generator only allows more safe parameter and rejects unsafe 
parameters like contact

> Does this have a disadvantage? Well, yes. If someone creates a relay
> with the same pattern in ContactInfo and MyFamily as what you put
> into FamilyGenerator, their relay(s) may get picked up and put in
> your generated MyFamily line as well.



[1] https://trac.torproject.org/projects/tor/ticket/26898

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Reply via email to