[tor-dev] Notes from the prop267 meeting 2016-03-17

Linus Nordberg linus at torproject.org
Fri Mar 18 10:05:46 UTC 2016


Here's a summary of what happened in the prop267 meeting in #tor-dev
yesterday with Nick, Tom, Sebastian and myself.

Sebastian started by summarising the proposal nicely.

Topics discussed:
- for bootstrap reasons we can't mandate using tor for all communication
- SCT's or not: using SCT's instead of inclusion proofs would lower the
  burden on operating a log and save bytes on the wire
- pushback on suggestion of turning all relays into auditors, reason
  being increased (code) complexity
- there are some differences between "MITM:ing tor" and "MITM:ing on the
  internet", one being that a tor mitm is the controlling of a majority
  of the dirauth keys, which in many cases is more persistent than an IP
  layer MITM
- the "eventually you escape a MITM" hand waving is problematic
- we need a story on how a perfectly tor-MITM:ed TAILS user gets back to
  the real network
- relays and clients must check consensus documents the same way
- hard fail or not when consensus isn't shown to be in a log?
- handling of changes in the set of dirauths

Identified next steps:
- add text about what needs to be and what should be anonymised, taking
  bootstrapping issues into account
- decide on replacing SHA2-256 with SHA3-512 or SHA2-512||SHA3-512
  (taking availability of implementations into account)
- decide on using SCT's or not
- analyse the "TAILS user under MITM" case
- analyse "set of dirauths changing"

What did I miss?

Full logs can be found at

