A quick response:
it also decreases the incentive to launch such an attack because the threshold of witnesses that are required to sign the document for the signature to be accepted can be locally set on each client.
This does; however, give a pretty straightforward fingerprinting attack.
I'm afraid I don't see what you mean here. Are you talking about the "locally set" threshold of witnesses that must have participated in the CoSi signature in order to be considered valid ? -> Yes: If an attacker has successfully fingerprinted a Tor client by knowing its "threshold", that means the attacker already has corrupted the *majority of the D.A.s* (because the consensus document still need to be signed as usual by a majority of D.A.s), AND at least *threshold* witnesses. -> No: Could you elaborate then please ? :)
Yes. Hardly an easy attack, but if Alice has set her threshold to N+20 signers from the normal N, I can feed a client consensus documents with N+19 and N+20 witnesses and if the first doesn't stick and the second does - I've a good idea it's Alice (or someone else who has set their threshold to N+20).
My 2 cents about that ;)
1 - I think a fingerprinting attack over a range of ~100 discrete values (there would be around ~100 witnesses) will be very inaccurate regarding the size of Tor users. 2 - If an attacker already has the possibility of doing this, that means he controls already a majority of the D.A. plus some CoSi witnesses. -> The attacker can only do this attack for as many witnesses it controls. If Alice has set her threshold to 80, the attacker must control at least 80 witnesses (which already a very very bad situation!). The default threshold should be high (> 80, > 90) to drastically increase the cost of such an attack. -> I'm also thinking there could be way much more damaging attacks that the attacker can do in a situation like this (consensus containing a majority of its relays etc).
Teor's comments about Fallback Dirs are better than ones I could write. =)
Thanks a *lot* (both of you) for your comments, they've been very fruitful! I'm already working on the next version in the few free time I have.
More feedback always welcome ;)
Nicolas
-tom _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev