On 4/17/15, Peter Palfrader <wea...@torproject.org> wrote: > On Fri, 17 Apr 2015, Jacob Appelbaum wrote: > >> On 4/17/15, Peter Palfrader <wea...@torproject.org> wrote: >> > so, Tor has included a feature to fetch the initial consensus from >> > nodes >> > other than the authorities for a while now. We just haven't shipped a >> > list of alternate locations for clients to go to yet. >> > >> > Reasons why we might want to ship tor with a list of additional places >> > where clients can find the consensus is that it makes authority >> > reachability and BW less important. >> > >> > At the last Tor dev meeting we came up with a list of arbitrary >> > requirements that nodes should meet to be included in this list. >> > >> > We want them to have been around and using their current key, address, >> > and port for a while now (120 days), and have been running, a guard, >> > and >> > a v2 directory mirror for most of that time. >> >> Is there a way to make the Tor Dir Auths produce that file as a >> verifiable consensus every hour? Or is there a way to make the client >> set that list of constraints and then we can just use a normal >> consensus file? > > I think this list would be created at release time and ship with the > tor binaries/source.
That gives a build person a lot of power - should we expect each distro to do it correctly? I trust that you will do a fine job but I'm not sure about others... It gives an attacker an opportunity to segment or partition a view of the network, I think. If the document is a strict signed subset produced by the current Dir Auths, I think we'd not have that concern. All the best, Jake _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
