-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I hope I don't sound too pompous saying this, but I really don't think relays should run on Windows. Windows is the primary target of weaponized and general exploits, and it's less secure than a properly configured Unix distribution. People running nodes, especially exit nodes, have a responsibility to their users, and I just don't think Windows is the best choice in that regard.
This is especially relevant with potential adversaries like the Chinese government, who can buy Windows exploits that can't be prevented by user configuration, and can't be recognized by public auditors because of the closed source code. Market *nix exploits also exist, but (IIRC) they're much rarer and less expensive.
It's possible that I'm wrong, though. Let me know if Windows is more secure than I think.
Libertas
On 11/05/2014 11:15 AM, Tom Ritter wrote:
On 5 November 2014 03:04, grarpamp grarpamp@gmail.com wrote:
On Tue, Nov 4, 2014 at 12:25 PM, Libertas libertas@mykolab.com wrote:
I think it would be a good idea to add OpenBSD to doc/TUNING because [...] promoting OpenBSD relays benefits the Tor network's security.
Absolutely. Not just due to OpenBSD's security positioning, but moreso from network diversity. Windows is its own world.
I tried installing OpenBSD once... it was tough, heh.
Coming from a Windows background, I like the idea of running more nodes on (up-to-date, maintained) Windows servers.
I'll also throw out the obvious that if we're talking about diversity for the purposes of security, the network-accessible parts of tor rely on OpenSSL, which would probably be difficult to swap out, but might be worth it as an experiment. Even if it's to LibreSSL. Maybe the zlib library also, but that one's had a lot fewer problems than OpenSSL.
-tom _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays