[tor-talk] 100-Foot Overview on Tor

teor teor2345 at gmail.com
Wed May 6 09:28:38 UTC 2015


> 
> Date: Tue, 5 May 2015 18:49:39 -0500
> From: Tom Ritter <tom at ritter.vg>
> 
> On 5 May 2015 at 07:53, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
>> Great.
>> 
>> A couple of comments (about v1.3):
> 
> Thanks! I made the changes and put up a 1.4
> 
>> Page 141 and 142 seem to suggest that parsing strings is more
>> likely to be vulnerable than parsing binary data. Is that intended?
> 
> No but mostly yes. It's more a surprise factor: when I tell people tor
> uses HTTP to upload and download things, they're not surprised - when
> I tell them it has its own HTTP server implementation that does all
> the parsing of the requests, they're much more surprised.  I'm not
> saying tor's code is insecure (I put up a $bounty inside my company
> with my own money to anyone who finds a bug in it actually) - but
> implementing your own HTTP server is not a recommended action. :)
> 
>> Is the source of the PDF available under a free license?
>> 
>> I'm currently preparing a (German) presentation about location
>> hidden block storage and could reuse the HS-related parts:
>> http://chaos.cologne/Fahrplan/events/6653.html
> 
> It's (now) http://creativecommons.org/licenses/by-sa/4.0/
> 
> As far as the sources.... well, I made it in Keynote. Yes, I know I'm
> a bad person. I can export it as PowerPoint, HTML, images, or PDF and
> send you any one of those five. (Or all of them.)

Hi Tom,

Some further feedback:

Page 20:
Can you explain why you say that consensuses are valid for 24 hours, and not 3 hours?

Page 113:
I think there are 3 relays between the client and introduction point, not 2.
In new_route_len(), each circuit with an endpoint chosen by another relay gets an extra hop, and the hidden service chooses the introduction point, not the client.

I could be wrong about this - the path code has a few special cases that I haven't quite got my head around.

teor

teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
