-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Personally I like what Petrusko provided the most
In torrc, an idea...??
*MyFamily http://mydomain.org/myfamily.txt*
the list being a plaintext file of fingerprints seperated by newlines, and if the server having that family list is not in that mentoined family list, it's not authorized to be in that family.
Altho this will create an overhead of making a new http request when looking for an Tor node, which may be a problem. it actually isn't possibly at all without leaking the real IP to said server, or someone needs to be more creative then me :s
But on the other hand, if you run more then 4 nodes, just let puppet or any other system managment tool fill in the MyFamily field, shouldn't be that hard imo
On 09/28/2016 02:44 PM, Random Tor Node Operator wrote:
On 09/28/2016 02:01 PM, Chad MILLER wrote:
So? A relay can always have behaved badly. What's the harm in you fraudulently claiming to be in family com.example.chadmiller ? A user's path won't have passed through both you and me, but you could have prevented traffic from passing through you any time. At worst, you get to participate in a user's path and exclude me from participating. That's no worse than you setting your machine on fire and me participating.
- Bad actor sets up a bunch of relays fraudulently joining the
majority of other relays. 2) Path selection of clients will now effectively prefer the bad actor's relays on which he performs eavesdropping, traffic analysis, or other nasty things.
The bad actor could also leave a few of his bad relays without family in order not to uncover himself so easily.
I am in favor of a scheme where the process of joining a family is authenticated.
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays