On Mon, 27 Apr 2009 23:57:17 -0500 (CDT) Scott Bennett <[email protected]> wrote:
In general, these options seem a fine way to partition the tor network. Possibly more so for new releases and arbitraging the time during which clients and relays upgrade. Tor clients already don't trust the relays. The risk is possibly more to the relay operator than the tor clients using their relay. It's their OS in most cases that's at risk, not so much the Tor network. > b) tor clients will not choose relays whose versions do not > match a version listed in server-versions when choosing routes for > circuits. This could be implemented as additional code in > circuitbuild.c or it might be implemented more simply by having the > authorities refuse to give a "Valid" flag to such relays. An option to allow your client to only select from a list of relays running a version as agreed by the DA's as recommended seems the better of your a vs b. We should stop talking about making the relay trust the client. I don't think implementing a DRM scheme serves Tor in any way. If you think of Tor like TCP, then the whole discussion gets silly. Tor is an anonymizing protocol on top of tcp/ip, for now. Hidden services and such are example applications that use Tor, the protocol. Roger and I have had conversations about this thread in taxis, train stations, and the like as we've been traveling. I'm sure he'll comment at some point. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identica/Twitter: torproject

