[tor-dev] blacklisting relays with end-to-end correlation capabilities?
Sebastian Hahn
hahn.seb at web.de
Tue May 9 12:11:25 UTC 2017
Dear all,
below mail was meant to make it to tor-dev, but I got a bounce and didn't
notice until now. Whoops, my apologies.
> On 8. Dec 2016, at 14:29, Sebastian Hahn <tor at sebastianhahn.net> wrote:
>
> Hi,
>
>> On 08 Dec 2016, at 14:03, nusenu <nusenu at openmailbox.org> wrote:
>>
>> Dear tor directory authorities,
>>
>> TLDR: Would you blacklist relays with end-to-end correlation capabilities?
>>
>> I'm asking to find out whether it makes sense to put any effort into
>> finding such operators [2]. If most dir auths would not blacklist such
>> relays than it does not make sense to look for them I guess.
>>
>> So please let us know whats your opinion on that - thank you.
>>
>>
>> More information below and there [1]:
>>
>>
>> The process could look something like this:
>>
>> - someone identifies such a relay groups (basically based on contactinfo
>> [2])
>> - contact the operators asking to fix this (ideally this would be a
>> @torproject.org sender)
>> - give them 15 days to fix it
>> - if not fixed: blacklist respective guard relays
>> - give them the possibility to get removed from the blacklist once fixed
>
> I do not think that this is worthwhile. It establishes a precedent where
> setting your contact info is something that gets you banned, potentially
> incorrectly because it's unauthenticated, whereas we're unable to identify
> people who actually maliciously run several relays without such indicators.
>
> Additionally, it's yet one more thing to update the dirauths' configs
> for, but with rather more overhead as we might get multiple mails back
> and forth about how MyFamily is annoying to maintain, how they're just
> trying to help, etc. All not so bad arguments.
>
> If we did this, also why would we blacklist the nonexit relays? That
> seems to not make sense, as a relay operator could have multiple relays
> that act as guard and exit simultaneously. I think we'd need to
> blacklist at least all the exit relays, if not all of them. BadExiting
> them would then be the more sensible choice. Scarcity of resources has
> in the past led us to bad designs like Valid/Invalid relays etc, which
> causes way more annoyances than good things.
>
> Cheers
> Sebastian
Cheers
Sebastian
More information about the tor-dev
mailing list