On 26 November 2014 at 06:58, Florian Rüchel florian.ruechel.tor@inexplicity.de wrote:
Certificates for HS: I find this topic particularly interesting and have followed the discussion. The general concept seems like a great thing to achieve and it could actually outperform the regular SSL/CA infrastructure stuff as it could remove the need for CAs. Unfortunately, this seems something that is not extensive enough to warrant a whole thesis. If you guys think otherwise, please let me know.
I think there are some things here that might be large enough. Specifically: What is the best way to present an Extended Validation badge in Tor Browser without requiring a CA signature. Some ideas that have been thrown around:
- Have a .com leaf cert sign a .onion cert, change the green to orange, and show the original domain name
- Have some sort of Namecoin/Sovereign-Keys like structure (also applicable to petnames)
- User-configurable and managed favorites system in an extension that petnames a Hidden Service to a name, for that user only
Tor with mix features: Tor has the explicit goal of being a low-latency network. However, there are several protocols where high-latency would be acceptable. I liked the idea of high latency HSes (https://lists.torproject.org/pipermail/tor-dev/2014-November/007818.html). I'd like to know what you think about this idea being viable. It would have the advantage of being very flexible from just a theoretic evaluation down to a real implementation so I could adjust this to my time. But only if this is actually desired so it does not need to stay theoretic. I think it would be very interesting to evaluate whether this can improve or hurt anonymity of low-latency users, as well.
Lots of people love the idea of getting High-Latency inlaid in the Tor network. There is definitely interest here. This sounds like more than a 6 month thesis, but maybe if you bit off a chunk of it.
This would be the bigger topics I have found on which I could see myself building a thesis. I also stumbled upon smaller research questions (e.g. whether running a bridge/relay is good, bad or doesn't make a difference for anonymity) but none of those warrant a full 6 month thesis so I discarded them for the moment.
Hm, maybe "Can an attacker distinguish traffic leaving an exit node from the following three profiles:"
- User on that machine doing interactive web browsing
- User SSH-ed into that machine doing interactive web browsing
- Person using Tor exiting through that relay
I suspect the answer is "Yes, easily." but AFAIK it's never been demonstrated, and there's an unofficial recommendation you see repeated places that say "Oh, run an exit relay so your traffic mixes with it."
-tom