On Thu, Oct 04, 2012 at 01:50:47PM -0400, Robert Ransom wrote:
The v3 network consensus document must be signed by a majority of the (currently nine) directory authorities' signing keys.
Nice.
None of the directory authorities are operated by Tor Project, Inc.
Is there a documented process by which these authorities are chosen, and ways for third parties to audit that it's not a tentacle operation?
18:07 <@cjd> run their own botnet with fake tor nodes so your circuit is always owned
TPI does not have the expertise needed to run a botnet for this purpose.
TPI being...?
18:07 <+eleitl> I don't really know for sure, but there's intrinsic trust to Tor developers, yes.
18:08 <+eleitl> You can run your own Tor network, though.
18:08 <+eleitl> Some botnets do that.
Interesting. Do you have a reference describing one of these botnets?
Sorry, that was typed in haste. The only botnet using Tor I'm aware of is
http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_...
which uses the regular Tor network. Not aware of a botnet running a private Tor network, though such a thing can be not far behind.
18:08 <@cjd> I trust them to make the software right, esp. since I could check if they did.
18:09 <@cjd> But a little arm twisting can change someone's motives pretty fast.
18:09 <+eleitl> Maintaining signing secrets is a problem.
18:09 <+eleitl> They should have used a P2P design.
Do you have a ‘P2P design’ for Tor which doesn't rely on trusted parties ‘maintaining signing secrets’ and which isn't broken?
No need to be snarky, I mean well. There are obviously ways in which network quorum can eliminate authorities as a single point of failure (see Bitcoin, Tahoe-LAFS, etc).
(Hint: No, you don't.)
Do you have any ‘P2P design’ for Tor at all which isn't broken?
What very few people know: I'm actually a dog. W00f. I don't have the money or the skills to do anything which would survive more than a friendly sandbox. Don't ask me for patches, I'll drag you in a wet skunk which has been dead for a while.
18:10 <@cjd> If someone (with government hat?) tells you they can make your life hell... I wouldn't fault them for doing what the man says.
18:10 <@cjd> *wouldn't fault you
18:10 <+eleitl> I'll try bugging some Tor developers about that scenario, and see how they squirm.
18:11 <+eleitl> Also, the UDP connection thing.
18:11 <@cjd> You can "stack" your circuit setup packets if you're using UDP
18:11 <@cjd> stack -> all headers in the same packet
18:12 <@cjd> cjdns does the same thing
If this refers to including the circuit-extension packet which caused a relay to open an OR connection in the first UDP packet that it sends in order to open that connection, I agree that that would be a good thing to do, although mostly for reasons that cjd isn't mentioning.
If this refers to setting up a complete three-node Tor circuit with only one outgoing packet sent by the client, that can be implemented without a UDP-based transport (and early versions of Tor did implement it).
Thanks, I'll pass that on when I'm cjdnsland again.
By the way, I would be very interested in Tor developers' opinions about the design of cjdns (of course, that's still pretty much in flux, and parts of infrastructure are missing, particularly P2P DNS).