On Sun, Jan 24, 2016 at 04:13:18PM -0800, Spencer wrote:
> >
> >leave the route selection to Tor
> >
>
> Is this that trust thing people are always talking about?
>
A little terse to know, but onion routing is designed around diversity of trust. Just to be clear, this does not mean 'let the Tor Project Inc. or the Tor Directory Authorities (itself a diverse set) or... select a route and hand it to you'. It does mean 'let the Tor software use its randomized algorithms to select a route that makes tradeoffs of performance and security that experts have thought about'.

There are of course configuration settings so you can do differently if you want. If anyone wants to do that, they should try to make as informed a choice as possible and understand what the issues are. We have made a number of mathematical and experimental analyses, policy languages, etc. available to understand trust in route selection for Tor or other onion routing systems, taking into account a wide range of adversary types. The most recent published work we have on this is "20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables" available at
http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popets-2015-0002.xml?format=INT

This is ongoing evolving research. This is not ready for deployment for everybody's Tor clients to do their own trust-aware route selection. And, one of the observations of this work is that you should probably always use the default settings unless you have specific other adversaries in mind and understand how diverging from the pack will affect you. What this work will do is help people who want to use different route selection choices to understand those choices, and it will eventually impact the default and alternative route selections built into the Tor software.

It also focuses just on route selection. Tor does other things to diversify trust.
For example, Tor's binaries have for the last few stable releases reflected reproducible (or deterministic) builds, which means that people can independently verify that the officially distributed binaries are compiled from the officially distributed source programs. If they did not match, anyone could test and expose that. See
https://blog.torproject.org/category/tags/deterministic-builds

aloha,
Paul