[tor-talk] Directory Server Decentralization

Mike Perry mikeperry at torproject.org
Thu Jan 31 13:24:17 UTC 2013


Thus spake Raynardine (raynardine at tormail.org):

> On 1/30/2013 6:08 PM, Andrew Lewman wrote:
> > PIR-Tor is another idea, not quite DHT, not quite the current model,
> > http://www.usenix.org/events/sec11/tech/full_papers/Mittal.pdf 
> 
> Hmm. I don't think a DHT is strictly-speaking what I'd recommend, but if
> a bunch of men with guns arrested the administrators of the directory
> authorities and demanding their private keys, I doubt that those
> administrators could really limit the scope of damage.

Can you explain why multipath consensus verification would not address
the issues you're concerned about?

> After reading about PIR-Tor, I am not amused and not pleased.

We're also not fully convinced that either TorSK or PIR-TOR solutions
are perfect (or even across-the-board improvements). That's why we
haven't deployed them.

In addition to having their own debatably risky security properties,
each approach will introduce their own new engineering problems,
especially on the load balancing, metrics, and performance end.

> I'm sure you guys would not care if I left, and you probably wouldn't
> care if those I know also left Tor, but if you guys do not take this
> matter seriously, Tor will become irrelevant.

Signed consensus documents that everyone can globally verify are the
best way we know of to "take this matter seriously".


-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130131/f88da5b2/attachment.pgp>


More information about the tor-talk mailing list