hello, I'm new to the list (and to tor development), so I introduce myself. I mostly subscribed because I'm seriously considering to apply for google summer of code with torproject :) I'm especially interested to the "petname" problem, I'll write more below
Steven Murdoch wrote:
On 17 Dec 2011, at 01:14, Jacob Appelbaum wrote:
A nym will expire if either the HS goes offline for longer than a given time threshold or if he explicitly requests removal of the association to that particualr nym. This allows dynamic reallocation of nyms and avoids nym squatting.
This may be stating the obvious, but a problem here is someone could DoS the hidden service for sufficiently long they could steal the nym. If the attacker is smart, they will only do the DoS when the nym authority is checking (which suggests the nym authority should check at random intervals).
that's of course one of the biggest problem to face; the other is the single-point-of-failure issue. Why don't we make the other way around? That is, Beppe itself will periodically send a signed message to such an "authority" stating the petnames he wants to be associated to. This could also been sent by means that are not reachable for the attacker (for example, in case of a serious attack, Beppe could just sent this message manually with an email from a different computer)
Then I'd like to ask about the extent of such a project for GSoC. I'm really interested in doing this because I really like the concept of darknet and the "petnames" will really make them reasonably easy to use. However, it's easy to see the limits of this: single point of failure, which is both a problem for crashes AND censorship/security (what if the central authority start censor nyms? or worst, providing false associations). I suppose that a GSoC student can't solve all this problems alone :)
So, how much is "enough"? Of course, I really intend to continue my work/research about this, but when talking about jobs, allocating time is really important.
Greetings