[tor-talk] On verifying security of Tor Routers idea
grarpamp
grarpamp at gmail.com
Sat Dec 24 09:51:36 UTC 2011
> PHASE-4: Full Public Disclosure
I would strongly object to publishing any data that is node
specific/identifiable. Admins deal with background traffic
and pro crackers every day. But we don't need people
throwing up targets for the sort of chantards that inhabit
Tor to simply launch their useless scripts against 4tehlulz.
Also, dropping insecure nodes won't do much but remove
useful nodes... 'evil' entities will want to deploy tamper proof
nodes. (Discovering subgroups of fingerprints across the node
set would be interesting...) Given the trivial cost for such entities
to run said nodes, we actually need every user's node as
defense, regardless of who happens to 0wn it or not at the
moment.
Two useful things to do are:
- collect and publish aggregated stats. no different than
any other security or network research project.
- provide a scan service for those who come to you for it.
much like remote uptime monitoring services do.
More information about the tor-talk
mailing list