first off, please only reply to the mailing-list address otherwise ppl like me are getting your messages double, just like you will get now...
--- On Tue, 4/28/09, Scott Bennett <[email protected]> wrote: [cut for clarity] > Laying aside for the moment the matter of how the rest > of the tor nodes > should determine the trustworthiness/credibility of the tor > instance making > the announcement or even why the tor network, either as a > "whole" or as > individual nodes, should care about the integrity of a > client (!), how to you > propose to calculate a verification digest--a CRC would not > likely be > considered adequately reliable--based upon the executable > binary of software > that > a) comes in many successive version, > > b) can be compiled for many hardware architectures, not > all of which > are necessarily known to the developers, > > c) can be compiled for many operating systems, not all of > which are > necessarily known to the developers, and > > d) can be compiled by untold numbers of versions of many > compilers, > not all of which are necessarily known to the developers? All of the above can be waifed void, when those versions are announced on the mailing list. > > >IMHO, this kind of "login procedure to enter the > tor-network" will make it more secure and manageable. > > More secure and manageable for whom?? Big Brother? > Obviously not for > the supposedly anonymous tor user...jeesh. Ofcourse not silly.... - More secure for the "anonymous tor user" because he will be forced to upgrade its client to stay connected to the tor-network, if (s)he doesn't upgrade his/her insecure client (s)he will be denied by other tor's to the network. - More manageable for the tor development team, because they will know exactly which versions are being used by current users of the tor program. > > >Again, i have _no_ idea at present how the tor program > handles things at present, so if its already done like that > or even better just disregard what i wrote :D > > > It doesn't, and it shouldn't.

