[tor-talk] Why make bad-relays a closed mailing list?
BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES at bitmessage.ch
Thu Jul 31 19:21:59 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
>> What would be the catch with making these reports and discussion
>>> public? Would it help bad actors? They will eventually find out
>>> about the consensus changes anyway, no?
> I think we need to distinguish between the report and the
> discussion. Ultimately, a report that is acted upon *cannot* remain
> secret. As soon as a relay gets the BadExit flag, the operator can
> figure out that they got caught. As a result, I believe that the
> mere fact that a relay was blocked (via BadExit or reject) can be
> published. There is an ongoing discussion if we should do that.
> The discussion of observed malicious behaviour, however, can give
> the attacker a lot of knowledge which they can exploit in order to
> evade detection in the future. Consider, for example, an HTTPS
> MitM attack which targets a small number of web sites. If somebody
> reports only one of these targets, the attacker can spawn a new
> relay after discovery and simply reduce the set of targeted sites
> in order to remain under the radar. This seems to be an uphill
> battle and it's difficult to have full transparency without giving
> dedicated adversaries a big advantage.
You might find the proven approach used in other areas (security bugs)
a viable option:
Keep the discussion private until a decission has been reached, make
it (the discussion) public once the report has been closed (whether
with or without a flag or reject entry).
This allows for transparency while at the same time shouldn't
interfere with ongoing investigations.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-talk