The use of malicious botnets to disrupt The Onion Router
Andrew
tor at kleinhirn.org
Sat Feb 2 13:45:09 UTC 2008
Chad Z. Hower aka Kudzu wrote:
>> A manually administered . . . centralized list? Because, call me crazy,
>> but a centralized list of "authorized routers" has some very, very
>> obvious flaws in it, both technical and security-related.
>>
>
> Maybe a trust model? Ie like Facebook.. I trust my friends.. they trust
> their friends... Removes some anon a bit ... but if you have 3 levels as I
> believe TOR does should provide some reasonable level of anonymity and maybe
> what is sacrificed could be recompensated by other means.
>
>
Nice thougt, but on second thought impracticable for various reasons: as
you pointed out, it sacrifices security, which IMO is not up for
discussion. Also, it would become much harder for new tor nodes to be
added to the network (I, for example, do not know any other tor
operators personally) and therefore would also sacrifice potential
capacities and performance. Plus, we don't really gain any security,
since an "attacker" would only have to gain the trust of one established
operator with one legitimate node to add the imaginary thousands of
illegitimate others to his trust list and therefore to the web of trust.
Just my thoughts...
Andrew
More information about the tor-talk
mailing list