-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

>>> What would be the catch with making these reports and discussion
>>> public? Would it help bad actors? They will eventually find out
>>> about the consensus changes anyway, no?

> I think we need to distinguish between the report and the
> discussion. Ultimately, a report that is acted upon *cannot* remain
> secret. As soon as a relay gets the BadExit flag, the operator can
> figure out that they got caught. As a result, I believe that the
> mere fact that a relay was blocked (via BadExit or reject) can be
> published. There is an ongoing discussion if we should do that.
>
> The discussion of observed malicious behaviour, however, can give
> the attacker a lot of knowledge which they can exploit in order to
> evade detection in the future. Consider, for example, an HTTPS
> MitM attack which targets a small number of web sites. If somebody
> reports only one of these targets, the attacker can spawn a new
> relay after discovery and simply reduce the set of targeted sites
> in order to remain under the radar. This seems to be an uphill
> battle and it's difficult to have full transparency without giving
> dedicated adversaries a big advantage.
You might find the proven approach used in other areas (security bugs) a
viable option: keep the discussion private until a decision has been
reached, and make it (the discussion) public once the report has been
closed (whether with or without a flag or reject entry). This allows for
transparency while at the same time it shouldn't interfere with ongoing
investigations.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT2pdXAAoJEDcK3SCCSvoedmcP/jHkpAl9BrMmDGyFANWZyq0P
LHE83kCDHp52aGlLW46thjX0W9XEGaPM+bEjyuadL1wQZ6xCqzjqNz+onUP0Ry8y
Zr4mHJcWNQHHuRymFOBFmPyQcgaR633ZCbOLfluVWTyj5KGRgqDv3oXm9saz/T5M
CQr3SPsBtvPToPRgUHr0iUMBpy1L10IX8vcfwQXlk6gchQFP6sNdvWo/uUQB2Q4Q
zX8OPNVZPogBBMcrJ0LFMw1J+cCKwIddgp2vdE7HIoxOTWGF9EpBIGf5kWwoiFV0
tMFT1CmAID5qSYb3FXyh0WqjIueFcQypiD+WJNgMrFTG6RGx8dyp+oYiVucvg0o1
STWJrk2mGWj6NlBnCnDCvey1tE63wT3gYvnT5I1czNotTunWgPwwvlUd778AkbFz
YccPGuReELp29jyn5VjjwL3SmRzbjsaB/kFzUi2zLXc5xZtJ6ZkbayGt/rSNnjwS
2bjsGievaaG2oMMdTQAzG5daYlO52W6FKfgp8Ee6q8hh9D9dxb04TDA3hT7fLqYA
yiklsq0e+xs1qsgIgUJMNji8JvqNy17VecK3MG3DqbeeGNZBr2BaTynFwGGu4KMI
IyvW++I5p5C4tT40QAn+56nPixKW/4cTD+W6Wprw0Ff7jC6HyFz5RyJBpiyMnxkn
epZtvx0krEpg/0zQ3knL
=lXAd
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk