[tor-talk] Why does requesting for bridges by email require a Yahoo or Gmail address?
isis
isis at torproject.org
Mon Jul 28 01:59:46 UTC 2014
Mirimir transcribed 2.8K bytes:
> On 07/24/2014 08:38 PM, Matthew Finkel wrote:
>
> <SNIP>
>
> > Another distribution method is currently being written and we will
> > write others in the future, but please help us provide another way
> > (yes, you, please help us if the current situation is unsatisfactory!).
> > The more people we can safely help, the better.
>
> In wiki:org/projects/projectM/brainstorming[1] I see "Better support for
> "Proximax" scheme". But I haven't found anything in trac.torproject.org
> that mentions the DNS-based fast flux approach presented in McCoy et al.
> (2011)[2]. For example, I see nothing about that in ticket 7520[3].
>
> Has the DNS-based fast flux approach been explicitly rejected?
>
> If so, why?
>
> As background, McCoy and coworkers explain[2]:
>
> | As previously stated, each registered user has an individualized
> | host name (which take the form of a unique domain name registered
> | with DNS). In order to make it difficult to discover and ban
> | channels we piggyback on the DNS infrastructure, using a
> | technique, commonly employed by botnets and malware distributors,
> | called fast flux. As part of this technique Proximax will register
> | multiple proxies to the same domain name and uses round-robin DNS
> | along with short Time-To-Live (TTL) values to create a constantly
> | changing list of proxies for that single domain name. This
> | additionally allows Proximax to automatically load balance
> | resources by adding and removing proxies based on current
> | utilization levels.
>
> Even so, Proximax is vulnerable to adversaries who register multiple
> users, and then block bridge IP addresses that they learn, perhaps at
> plausibly gradual rates. Starzer[4] proposes a defense against such
> adversaries. In his version, each bridge domain name is assigned to a
> group of users. Group reputation increases over time, and
> high-reputation groups preferentially get both new bridge IP addresses
> and new members. Groups are split whenever one of their bridges is
> blocked, and the reputations of both subgroups are reduced. Over time,
> an adversary's users become restricted to increasingly smaller groups
> with increasingly poor reputations.
>
> I do see similar ideas in trac.torproject.org, but no cites to Michael
> Starzer's masters thesis.
Hey, thanks very much for mentioning that paper! I've somehow not seen it
before. I'm putting it at the top of my reading list. :)
> [1] wiki:org/projects/projectM/brainstorming
> <https://trac.torproject.org/projects/tor/wiki/org/projects/projectM/brainstorming>
> [2] McCoy et al. (2011) Proximax: A Measurement Based System for
> Proxies Dissemination
> <http://cseweb.ucsd.edu/~dlmccoy/papers/mccoy2011fc.pdf>
> [3] Tor ticket 7520 <https://trac.torproject.org/projects/tor/ticket/7520>
> [4] Starzer, M. (2013) Optimizing Tor Bridge Distribution (Masters
> Thesis) <http://kau.diva-portal.org/smash/get/diva2:608803/FULLTEXT01.pdf>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Post scriptum: I would really love it if there were more collaboration between
academics researching these systems and their maintainers/developers. I'm just
going to throw that vague wish out into the void.
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140728/22d191b3/attachment.sig>
More information about the tor-talk
mailing list