On 10/4/12, Eugen Leitl <eugen@leitl.org> wrote:
I've had an IRC session with the designer of cjdns (on cjdns) who made a few interesting points, and suggestions. Comments?
Verbatim chat snip below.
18:03 <@cjd> if you took the components from cjdns, you could build a TOR like protocol which used UDP if possible and made connections much faster
18:04 <+eleitl> I wonder why they didn't choose UDP
Presumably because TCP was easier.
18:05 <@cjd> you need to fall back on tcp in case you're firewalled to hell
18:05 <+eleitl> Apparently, they're thinking about it
https://blog.torproject.org/blog/moving-tor-datagram-transport
Yes. TCP was a bad choice for Tor.
18:06 <@cjd> problem with tor is (correct me if I)
18:06 <@cjd> 'm wrong)
18:06 <@cjd> the directory is signed by the tor foundation
18:07 <@cjd> so they can sign a fake directory and run a bunch of directory servers and when Alice connects to their directory server, they give her a bunch of fake nodes
The v3 network consensus document must be signed by a majority of the (currently nine) directory authorities' signing keys. None of the directory authorities are operated by Tor Project, Inc.
18:07 <@cjd> run their own botnet with fake tor nodes so your circuit is always owned
TPI does not have the expertise needed to run a botnet for this purpose.
18:07 <+eleitl> I don't really know for sure, but there's intrinsic trust to Tor developers, yes.
18:08 <+eleitl> You can run your own Tor network, though.
18:08 <+eleitl> Some botnets do that.
Interesting. Do you have a reference describing one of these botnets?
18:08 <@cjd> I trust them to make the software right, esp. since I could check if they did.
18:09 <@cjd> But a little arm twisting can change someone's motives pretty fast.
18:09 <+eleitl> Maintaining signing secrets is a problem.
18:09 <+eleitl> They should have used a P2P design.
Do you have a ‘P2P design’ for Tor which doesn't rely on trusted parties ‘maintaining signing secrets’ and which isn't broken? (Hint: No, you don't.)
Do you have any ‘P2P design’ for Tor at all which isn't broken?
18:10 <@cjd> If someone (with government hat?) tells you they can make your life hell... I wouldn't fault them for doing what the man says.
18:10 <@cjd> *wouldn't fault you
18:10 <+eleitl> I'll try bugging some Tor developers about that scenario, and see how they squirm.
18:11 <+eleitl> Also, the UDP connection thing.
18:11 <@cjd> You can "stack" your circuit setup packets if you're using UDP
18:11 <@cjd> stack -> all headers in the same packet
18:12 <@cjd> cjdns does the same thing
If this refers to including the circuit-extension packet which caused a relay to open an OR connection in the first UDP packet that it sends in order to open that connection, I agree that that would be a good thing to do, although mostly for reasons that cjd isn't mentioning.
If this refers to setting up a complete three-node Tor circuit with only one outgoing packet sent by the client, that can be implemented without a UDP-based transport (and early versions of Tor did implement it).
Robert Ransom
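
The majority rule for the consensus mentioned in the reply above, as an added example that is not part of the original message and not Tor's code: a client-side check that accepts a document only when more than half of the nine known authorities have validly signed it. The authority names, keys, and documents are constructed, and HMAC-SHA256 stands in for the authorities' real public-key signatures so the example runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed stand-in keys for nine hypothetical authorities (auth0..auth8).
# Assumption: HMAC replaces the real public-key signatures for this example.
AUTHORITY_KEYS = {f"auth{i}": f"constructed-key-{i}".encode() for i in range(9)}


def sign(authority, document, keys=AUTHORITY_KEYS):
    """Produce the stand-in signature one authority would attach."""
    return hmac.new(keys[authority], document, hashlib.sha256).hexdigest()


def valid_signers(document, signatures, keys=AUTHORITY_KEYS):
    """Return the distinct known authorities whose signature verifies."""
    good = set()
    for authority, sig in signatures:
        key = keys.get(authority)
        if key is None:
            continue  # signer is not a recognised authority
        expected = hmac.new(key, document, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            good.add(authority)  # a set, so repeated signatures count once
    return good


def consensus_accepted(document, signatures, keys=AUTHORITY_KEYS):
    """Accept only if more than half of the known authorities signed."""
    return len(valid_signers(document, signatures, keys)) > len(keys) // 2


CONSENSUS = b"constructed consensus listing relays A, B, C"
FORGED = b"constructed consensus listing a different relay set"

# Five of nine valid signatures: a majority.
five = [(f"auth{i}", sign(f"auth{i}", CONSENSUS)) for i in range(5)]
# Four keys signing a different document, padded with repeats, an unknown
# signer, and a fifth signature copied from the genuine consensus.
four = [(f"auth{i}", sign(f"auth{i}", FORGED)) for i in range(4)]
padded = four + four + [("auth99", "00" * 32),
                        ("auth4", sign("auth4", CONSENSUS))]

if __name__ == "__main__":
    print(consensus_accepted(CONSENSUS, five))
    print(consensus_accepted(FORGED, padded))
```

Counting distinct verified signers rather than signature lines is what keeps repeated or copied signatures from reaching the threshold.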