Hi,
Here's a summary of what happened in the prop267 meeting in #tor-dev yesterday with Nick, Tom, Sebastian and myself.
Sebastian started by summarising the proposal nicely.
Topics discussed:
- for bootstrap reasons we can't mandate using tor for all communication
- SCTs or not: using SCTs instead of inclusion proofs would lower the burden on operating a log and save bytes on the wire
- pushback on suggestion of turning all relays into auditors, reason being increased (code) complexity
- there are some differences between "MITM:ing tor" and "MITM:ing on the internet", one being that a tor mitm is the controlling of a majority of the dirauth keys, which in many cases is more persistent than an IP layer MITM
- the "eventually you escape a MITM" hand waving is problematic
- we need a story on how a perfectly tor-MITM:ed TAILS user gets back to the real network
- relays and clients must check consensus documents the same way
- hard fail or not when consensus isn't shown to be in a log?
- handling of changes in the set of dirauths
Identified next steps:
- add text about what needs to be and what should be anonymised, taking bootstrapping issues into account
- decide on replacing SHA2-256 with SHA3-512 or SHA2-512||SHA3-512 (taking availability of implementations into account)
- decide on using SCTs or not
- analyse the "TAILS user under MITM" case
- analyse "set of dirauths changing"
What did I miss?
Full logs can be found at http://meetbot.debian.net/tor-dev/2016/tor-dev.2016-03-17-14.58.log.html