On Mon, Dec 5, 2011 at 7:36 PM, Pascal <pascal...@users.sourceforge.net> wrote:
> Note that it does not hurt a server to have itself listed in MyFamily. The
> easiest way to maintain this line is to make a list of all your servers and
> paste that line verbatim on all of your servers.

But it's N^2 work if you add servers one at a time, which is annoying and failure prone. It would be nicer if the family option took a secret string for each specified family that was hashed (e.g. via PBKDF2) and then used as a private key. Then the node ID is signed using that key (e.g. with ECDSA) and the signature is published in the directory. Nodes could then validate the signatures and then treat all nodes with the same public key as the same family. Because the security of this isn't terribly important a fairly small field could be used. This would make directories bigger for small families but smaller for big ones. It would avoid the constant update work and make it less likely that well meaning people would misconfigure. Sadly doing something like this w/ RSA would be very bloating.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk