[tor-dev] Much-revised draft, RFC: removing current obsolete clients from the network
spencerone at openmailbox.org
Fri Mar 25 20:45:48 UTC 2016
> Nick Mathewson:
> I should try to clarify!
> questions don't seem to apply to proposal 266
They are about the central control of a [somewhat] distributed network,
specifically, the execution of clients on behalf of the operator.
So, #264 & #266.
> I've tried to split the first version of the
> proposal into 2.
I understand the proposals as:
>> prop#264 is for how things _should_ work ;
>> prop#266 is what we do in the absence of
>> client-side support in existing Tor versions.
>> anybody who doesn't know how to die via prop264
>> will be killable in whatever way we choose for prop266.
And would recommend the titles [though obviously not as relevant as the
'How to ensure client death'
'How to kill clients that won't die'
> I'm not aware of anything published.
> 1) A non-updated Tor is insecure.
> 2) the bulk of [some older] deployed versions appear
> to be defunct botnets
> 3) [Depreciated] features
> impact is so large it requires this level of action
Where can this impact be studied?
Given there is no research, there must be a way to visualize the impact.
> Windows XP clients still running today, making the
> internet less secure.
Business clients pay money to keep MS supporting XP systems, though that
doesn't weaken the internet as a whole.
> every current Tor MAY eventually prove so broken it
> needs to go away
It feels like a decision that the operator should make but I kind of see
the issue with abandoned clients.
The poison consensus seems fun.
Thanks for taking the time to write, it means a lot (: