[tor-talk] Why make bad-relays a closed mailing list?

Philipp Winter phw at nymity.ch
Thu Jul 31 00:27:41 UTC 2014


On Wed, Jul 30, 2014 at 11:33:05PM +0000, Nusenu wrote:
> I raised this question already some time ago [1] but I guess the
> discussion there ended with the busy PETS week ;)

Sorry, I must have missed that email.  First of all, thanks for your
feedback and for putting so much thought into this!

> What would be the catch with making these reports and discussion
> public? Would it help bad actors? They will eventually find out about
> the consensus changes anyway, no?

I think we need to distinguish between the report and the discussion.
Ultimately, a report that is acted upon *cannot* remain secret.  As soon
as a relay gets the BadExit flag, the operator can figure out that they
got caught.  As a result, I believe that the mere fact that a relay was
blocked (via BadExit or reject) can be published.  There is an ongoing
discussion if we should do that.

The discussion of observed malicious behaviour, however, can give the
attacker a lot of knowledge which they can exploit in order to evade
detection in the future.  Consider, for example, an HTTPS MitM attack
which targets a small number of web sites.  If somebody reports only one
of these targets, the attacker can spawn a new relay after discovery and
simply reduce the set of targeted sites in order to remain under the
radar.  This seems to be an uphill battle and it's difficult to have
full transparency without giving dedicated adversaries a big advantage.

Cheers,
Philipp


More information about the tor-talk mailing list