On Wed, Feb 08, 2012 at 07:59:08PM -0800, Mike Perry wrote: > Thus spake Andrew Lewman (and...@torproject.org): > > > On Wed, 08 Feb 2012 23:13:44 +0100 > > Moritz Bartl <mor...@torservers.net> wrote: > > > I believe it's more important to make it easy for people to detect Tor > > > and deal with it differently in the first place. The second step then > > > is to provide useful alternatives to blocking. > > > > Perhaps someone wants to implement nymble, > > http://cgi.soic.indiana.edu/~kapadia/nymble/index.php > > I admit I haven't read all of the various iterations of the Nymble > literature, but every one I've looked at so far seems to start with > "Assume you have some expensive, scare resource. Let's say IP > address"...
Just add to your sense of inadequacy, a nice new addition was presented at NDSS today https://www.cs.indiana.edu/~kapadia/publications.html#blacr But, yes if people can generate at virtually no cost arbitrary numbers of new IDs from which they can register, then it won't matter what controls are placed on the registered users by the nym system. > > Even if they blind it properly with some clever distributed trust scheme > that requires multiple colluding parties to divulge the entire Tor > userbase IP list, it seems to me that IPv4 addresses aren't really > scarce when you're talking about one-time use only to obtain a Nym that > can be used for a while. > > Therefore, my current thinking in > https://trac.torproject.org/projects/tor/ticket/4666 is that if we can > authenticate computation as the scarce resource, why do we even need a > full Nymble server? At best it *might* ease implementation for account > banning, but it probably would just add another point of failure and > useless complexity. > > Am I wrong? > Not sure in practice. Incentives and tolerance for users is tricky business. Note however that Nymble and its ilk are generally independent of what the scarce resource is, so if your suggestion works, it should be compatible. As to your question, a main contribution of work in this area is that one establishes revocable credentials for clients. So if computation is a scarce resource, it would be one that clients need spend only rarely. Once they have the credential, they can log in without that expense as long as they behave. I defer to others whether this advantage is worth the costs and risks for particular cases. aloha, Paul _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
