Matej Pfajfar matej.pfajfar at
Wed Sep 4 06:23:41 UTC 2002

> -----Original Message-----
> From: owner-or-dev at 
> [mailto:owner-or-dev at] On Behalf Of Roger Dingledine
> Sent: Wednesday, September 04, 2002 1:07 AM
> To: or-dev at
> Subject: Re: Suggestion
> On Tue, Sep 03, 2002 at 11:41:08PM +0100, Andrei Serjantov wrote:
> > Sure, I appreciate that. I am happy for this mode to be off by 
> > default. Interestingly, this is an argument for not running 
> your own 
> > OR either way.
> That's a really good point. It was rolling around in the back 
> of my mind, but I hadn't followed it to its conclusion:
Surely it goes both ways - if the adversary knows about the OR network
and has the or.routers list, then he will know that you are running an
or router and if requests come in from he'll know that
he can't tell just from the logs that it's actually you connecting to
him ... Even if it is most likely.

> "If I implement a stupid mode, most people will turn it on."
> (And if I don't implement it, people will keep asking for it 
> until somebody does.)
I like these open-source dogmas :-).

> What's the usual answer to this, in terms of software 
> engineering and security projects?
Well stuff like this invariably gets implemented and the developers then
stick a big WARNING! Into the README file.
But in this case - should we ever assume that the adversary is weak
enough to turn this on?


> --Roger

More information about the tor-dev mailing list