[tor-talk] Possible upcoming attempts to disable the Tor network

Jim jimmymac at copper.net
Fri Dec 26 09:58:49 UTC 2014


Thomas White wrote:
> Generally some criteria for DirAuths are people who are trusted by the
> community, aren't raided very often/have legal troubles/could be
> legally compromised, people with an extensive understanding of how Tor
> works and people who can secure their systems from attacks. Remember
> every time a dirauth is added or change IP a new tor version must be
> released as they are hardcoded so it isn't a simple process to add a
> new one, not to mention intra-dirauth communication and verification.

I don't know about the intra-dirauth communication, but as far as the
directory authorities being hard coded, would it make sense to put them
in a small configuration file instead?  If for some reason it is deemed
undesirable to allow users to alter that file, there could be a
requirement the file be signed with one or more private keys and have
the corresponding public keys hardcoded into the code.  It would be much
easier and cheaper to distribute a new, small, signed configuration file
than to release and distribute a whole new version of tor.

Jim




More information about the tor-talk mailing list