[tor-dev] Much-revised draft, RFC: removing current obsolete clients from the network

Spencer spencerone at openmailbox.org
Fri Mar 25 20:45:48 UTC 2016


Hi,

> 
> Nick Mathewson:
> I should try to clarify!
> 

Awesome!

> 
> questions don't seem to apply to proposal 266
> 

They are about the central control of a [somewhat] distributed network, 
specifically, the execution of clients on behalf of the operator.

So, #264 & #266.

> 
> I've tried to split the first version of the
> proposal into 2.
> 

I understand the proposals as:

>> 
>> prop#264 is for how things _should_ work ;
>> prop#266 is what we do in the absence of
>> client-side support in existing Tor versions.
>> 
>> anybody who doesn't know how to die via prop264
>> will be killable in whatever way we choose for prop266.
>> 

And would recommend the titles [though obviously not as relevant as the 
contents]:

'How to ensure client death'

'How to kill clients that won't die'

> 
> I'm not aware of anything published.
> 

Bummer ):

> 
> reasons:
> 
>   1) A non-updated Tor is insecure.
>   2) the bulk of [some older] deployed versions appear
>      to be defunct botnets
>   3) [Deprecated] features
> 

Word.

> 
> impact is so large it requires this level of action
> 

Where can this impact be studied?

Given there is no research, there must be a way to visualize the impact.

> 
> Windows XP clients still running today, making the
> internet less secure.
> 

Business clients pay money to keep MS supporting XP systems, though that 
doesn't weaken the internet as a whole.

> 
> every current Tor MAY eventually prove so broken it
> needs to go away
> 

Word.

It feels like a decision that the operator should make but I kind of see 
the issue with abandoned clients.

The poison consensus seems fun.

Thanks for taking the time to write, it means a lot (:

Wordlife,
Spencer




