Tor bug?: AllowInvalidNodes
Nick Mathewson
nickm at freehaven.net
Wed Aug 16 19:40:20 UTC 2006
On Wed, Aug 16, 2006 at 06:57:23PM +0000, crackedactor at supanet.com wrote:
>
> This is all very worrying.
>
> First I find out that my torcc config file which is configured to
> "AllowUnverifiedNodes middle,rendezvous" is a no longer valid config
> statement.
>
> Then I find out that the replacement "AllowInvalidNodes
> middle,rendezvous" doesn't work.

It works. It just doesn't mean what you thought.

> Now I find out that it was never intended to work and that it was
> never an "AllowUnverifiedNodes" replacement.

Sure it was. "Unverified" and "Invalid" are the same concept:
'attested to as likely to be okay by the directory server.' The only
thing that has changed is the name.

Why did we change the name?

Because "Verified" was a stupid name. It implied that we had a good
way to go out and tell whether a node's operator was honest, upright,
and competent, and whether the node was physically secure and
non-eavesdropped.

If you were under the impression that we had a way to do this, sorry.
If you know a way to do this, please let us know. We're all ears.
Please keep in mind that we haven't got much cash to do this with, and
what cash we do have, we'd rather spend on rent and food and
developing Tor.
[...]
> If some "unverifiednode" exit server adversary has set themselves up
> in business of monitoring TOR users then isn't it because
> "AllowUnverifiedNodes" was removed (effectively).

Right, you're confirming that we were right to change "Verified" to
"Valid". Apparently, you *did* think that "verified" was a magical
stamp of good intentions.
[...]
> Personally, I think it's irrelevant today, that at one time persons
> had to be known personally to run a verified server. Quaint but
> irrelevant. But hey, I don't mind having someone round to my place
> from the UK to verify me. Why not have 3 levels of security - level
> 2 - Registered - just what we have now. Level 1 - Verified - visit
> their setup. Level 3 - unregistered & unverified. And give us a
> config statement to use these levels or not.

Dude, we're not going to impose a worldwide server auditing system.
We're not going to visit server operators' houses. Even if it did,
what would it prove? Any organization could set up servers in a bunch
of its members' houses. Are we supposed to do background checks?
> On a related issue, I have attempted to the "ExcludeNodes" config
> and it doesn't seem to work. I am sure that of the dozens of nodes
> I've tried to exclude (and failed to exclude - test only) ALL of
> them cannot be my "guard" nodes. Ok this might only be winOS,
> perhaps everyone should check it out for themselves. Just to be
> sure. I've noticed others have seen similar. Re-check.

ExcludeNodes *is* supposed to work. If it doesn't, submit a bug
report. Warning! You will need to describe *exactly* what you did,
and *exactly* what Tor did in response. Logs will help. This is too
hard for many people.

frustratedly yrs,
--
Nick Mathewson