[tor-relays] [tor-talk] Platform diversity in Tor network [was: OpenBSD doc/TUNING]

Libertas libertas at mykolab.com
Wed Nov 5 17:55:44 UTC 2014


I hope I don't sound too pompous saying this, but I really don't think
relays should run on Windows. Windows is the primary target of
weaponized and general exploits, and it's less secure than a properly
configured Unix distribution. People running nodes, especially exit
nodes, have a responsibility to their users, and I just don't think
Windows is the best choice in that regard.

This is especially relevant with potential adversaries like the
Chinese government, who can buy Windows exploits that can't be
prevented by user configuration, and can't be recognized by public
auditors because of the closed source code. Market *nix exploits also
exist, but (IIRC) they're much rarer and less expensive.

It's possible that I'm wrong, though. Let me know if Windows is more
secure than I think.

Libertas

On 11/05/2014 11:15 AM, Tom Ritter wrote:
> On 5 November 2014 03:04, grarpamp <grarpamp at gmail.com> wrote:
>> On Tue, Nov 4, 2014 at 12:25 PM, Libertas <libertas at mykolab.com>
>> wrote:
>>> I think it would be a good idea to add OpenBSD to doc/TUNING
>>> because [...] promoting OpenBSD relays benefits the Tor
>>> network's security.
>> 
>> Absolutely. Not just due to OpenBSD's security positioning, but 
>> more so from network diversity. Windows is its own world.
> 
> I tried installing OpenBSD once... it was tough, heh.
> 
> Coming from a Windows background, I like the idea of running more 
> nodes on (up-to-date, maintained) Windows servers.
> 
> I'll also throw out the obvious that if we're talking about
> diversity for the purposes of security, the network-accessible
> parts of tor rely on OpenSSL, which would probably be difficult to
> swap out, but might be worth it as an experiment.  Even if it's to
> LibreSSL.  Maybe the zlib library also, but that one's had a lot
> fewer problems than OpenSSL.
> 
> -tom

