[tor-dev] Notes from the prop267 meeting 2016-03-17
linus at torproject.org
Fri Mar 18 10:05:46 UTC 2016
Here's a summary of what happened in the prop267 meeting in #tor-dev
yesterday with Nick, Tom, Sebastian and myself.
Sebastian started by summarising the proposal nicely.
- for bootstrap reasons we can't mandate using tor for all communication
- SCT's or not: using SCT's instead of inclusion proofs would lower the
burden on operating a log and save bytes on the wire
- pushback on suggestion of turning all relays into auditors, reason
being increased (code) complexity
- there are some differences between "MITM:ing tor" and "MITM:ing on the
internet", one being that a tor mitm is the controlling of a majority
of the dirauth keys, which in many cases is more persistent than an IP
- the "eventually you escape a MITM" hand waving is problematic
- we need a story on how a perfectly tor-MITM:ed TAILS user get back to
the real network
- relays and clients must check consensus documents the same way
- hard fail or not when consensus isn't shown to be in a log?
- handling of changes in the set of dirauths
Identified next steps:
- add text about what needs to be and what should be anonymised, taking
bootstrapping issues into account
- decide on replacing SHA2-256 with SHA3-512 or SHA2-512||SHA3-512
(taking availability of implementations into account)
- decide on using SCT's or not
- analyse the "TAILS user under MITM" case
- analyse "set of dirauths changing"
What did I miss?
Full logs can be found at
More information about the tor-dev