On 2013-07-11, at 4:32 PM, Andy Isaacson <a...@hexapodia.org> wrote:
> On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote:
>> BTW. Even Tor has centralized directory servers.
>
> It's incredibly misleading to imply that the Tor DA design provides a
> similar threat to a server-hosted-crypto proprietary privacy app. (I'm
> not accusing you of intentionally misleading, but the claim that you're
> repeating is misleading.)
>
> The Tor DAs are run by multiple individuals in diverse legal
> jurisdictions, and their sole purpose is to make a publicly checkable
> attestation of public facts. The implementation run by the DAs is open
> source and has been developed in public according to a public design for
> a decade, in accordance with Kerckhoffs's Principle.

I agree with your post generally, but I must beg your pardon and address something a bit off-topic:

A year ago, two DAs were subject to a DDoS. This prevented people from connecting to the Tor network very substantially. The network was largely inaccessible for a few hours.

If DDoSing two computers can do this, you have a problem. Let's not downplay the fact that directory servers are indeed centralized and fragile. Having six servers spread across multiple IP address spaces doesn't exactly solve this problem.

NK

>
> A non-open-source privacy app developed by a single company has a
> corporate nexus of control, a single jurisdiction to get a secret
> warrant in, and a single codebase and update server/signing-key to
> compromise giving 'the keys to the castle'.
>
> Even if an attacker were to secretly compromise all of the Tor DAs and
> publish a malicious consensus, the break is only to anonymity, not to
> message privacy. (Granted, anonymity is a major selling point for Tor
> and that break would be a major problem, but it's still not as severe a
> break as the messaging app compromise.)
>
>> And it does not
>> really matter if the code there is open source or not, because you
>> anyway cannot know if they are really running some particular code
>> there or not.
>
> Being closed source doesn't fix this problem, so how is that a useful
> response to the advice "never trust a closed source privacy app"?
>
> Seatbelts don't help when your car flies off a cliff. It's still a good
> idea to wear your seatbelt, for the 99% of crashes where they do help.
>
> Having open review of the design and implementation of your privacy app
> isn't enough to solve all of the potential compromises. But it's still
> a good idea to have open review which will help address a vast number of
> vulnerabilities.
>
> -andy
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech