Control Spec Addition First Draft

Sebastian Hahn hahn.seb at
Thu Mar 4 02:52:20 UTC 2010


my comments inline below.

On Jan 24, 2010, at 1:58 AM, Damian Johnson wrote:
> Hi all. This proposal doesn't seem to be going anywhere so thought I  
> should give it one last nudge before moving on to more worthwhile  
> work. The issue's sticking point seems to be a difference of opinion  
> about what constitutes relay evilness. Nick, Jake, and Sebastian all  
> believe in a hard line stance against any retrieval of connection  
> information (netstat, lsof, etc). I disagree, and think this is  
> harmless unless stored or communicated. Unless this can be resolved  
> I think it's obvious the proposal isn't going anywhere.
> Please note that I'm discussing relay to relay connections at the  
> moment. If we can't even agree on that then client and exit  
> connections are a moot point (and besides, I agree they should  
> definitely be hidden from relay operators - personally I think it's  
> the responsibility of client applications like vidalia and arm to  
> scrub this data, but that's a different discussion...).

This seems to change the original intent of the proposal, which was  
(afaiui) to get a listing of all connections from Tor. I wouldn't mind  
doing that at all. It does, however, depend on the implementation of  
proposal 163 (detecting clients), because otherwise Tor itself cannot  
reliably differentiate in all cases.

> Just to be clear I agree this proposal should be killed if it poses  
> a threat to Tor users. However, I don't believe it does and still  
> have yet to hear an example of any sort of threat it aggravates.  
> Without that I'm a bit puzzled at the source of objections. If the  
> chief issue is legal or not wanting to risk the appearance of  
> supporting snooping that's fine (strikes me as political posing if  
> there's no actual benefits to users, but cest la vi).

If you change it to be explicit about the fact that you do not want to  
show exit/guard connections, I think this would be ok. It needs to be  
actually spelt out, though.

> My bias is toward safety for relay operators and I'm glad to see  
> others biased toward user privacy pushing back. Hopefully we'll be  
> able to find something acceptable to all parties concerned but if  
> not it won't be the end of the world. Cheers! -Damian

Just to see if others are interested in moving this along, or if  
everyone wants to kill it.


More information about the tor-dev mailing list