Andrei Serjantov aas23 at
Tue Sep 3 23:12:18 UTC 2002

> > Sure, I appreciate that. I am happy for this mode to be off by default.
> > Interestingly, this is an argument for not running your own OR either way.
> That's a really good point. It was rolling around in the back of my mind,
> but I hadn't followed it to its conclusion:
> "If I implement a stupid mode, most people will turn it on."

I made a mistake by calling it a stupid mode. This is about estimating
your adversary. If your adversary is weak, turn it on. If your adversary
is strong, turn it off. Alternatively, we could naem all our nodes or something like that in which case we probably don't
need the stupid mode.


> (And if I don't implement it, people will keep asking for it until
> somebody does.)

Indeed. I love being stupid!

> What's the usual answer to this, in terms of software engineering
> and security projects?

I might take this straw poll to a local security group meeting in a few


Andrei Serjantov
Queens' College
Cambridge CB3 9ET

More information about the tor-dev mailing list