[tor-dev] resistance to rubberhose and UDP questions

Eugen Leitl eugen at leitl.org
Thu Oct 4 16:28:59 UTC 2012 

I've had an IRC session with the designer of cjdns (on cjdns)
who made a few interesting points, and suggestions. Comments?

Verbatim chat snip below.

18:03 <@cjd> if you took the components from cjdns, you could build a TOR like protocol which used UDP if
             possible and made connections much faster
18:04 <+eleitl> I wonder why they didn't choose UDP
18:05 <@cjd> you need to fall back on tcp in case you're firewalled to hell
18:05 <+eleitl> Apparently, they're thinking about it
                https://blog.torproject.org/blog/moving-tor-datagram-transport
18:06 <@cjd> problem with tor is (correct me if I)
18:06 <@cjd> 'm wrong)
18:06 <@cjd> the directory is signed by the tor foundation
18:07 <@cjd> so they can sign a fake directory and run a bunch of directory servers and when Alice connects to
             their directory server, they give her a bunch of fake nodes
18:07 <@cjd> run their own botnet with fake tor nodes so your circuit is always owned
18:07 <+eleitl> I don't really know for sure, but there's intrinsic trust to Tor developers, yes.
18:08 <+eleitl> You can run your own Tor network, though.
18:08 <+eleitl> Some botnets do that.
18:08 <@cjd> I trust them to make the software right, esp. since I could check if they did.
18:09 <@cjd> But a little arm twisting can change someone's motives pretty fast.
18:09 <+eleitl> Maintaining signing secrets is a problem.
18:09 <+eleitl> They should have used a P2P design.
18:10 <@cjd> If someone (with government hat?) tells you they can make your life hell...   I wouldn't fault them
             for doing what the man says.
18:10 <@cjd> *wouldn't fault you
18:10 <+eleitl> I'll try bugging some Tor developers about that scenario, and see how they squirm.
18:11 <+eleitl> Also, the UDP connection thing.
18:11 <@cjd> You can "stack" your circuit setup packets if you're using UDP
18:11 <@cjd> stack -> all headers in the same packet
18:12 <@cjd> cjdns does the same thing
18:13 <+eleitl> Can I use snippage from this chat verbatim, or will I need to rephrase?
18:14 <@cjd> sure go ahead
18:14 <+eleitl> Thanks!
18:14 <@cjd> can only speak for myself ofc
18:14 <+eleitl> Sure.

More information about the tor-dev mailing list