On Fri, 19 Nov 2010 08:11 -0500, "Paul Syverson" <[email protected]> wrote: > Your reactions are good. It's just that many people have had the > same reactions so we've explored this, and nobody in all of the research > done has yet produced a viable version of what you suggest.
The nature of the attack outlined in the paper is expensive. The paper suggests rapid deployment, collection of data, and undeployment. The longer the interloping system runs, the more it costs. Perhaps, at a network level, we can detect a sudden massive deployment of ORs and mark them as suspicious? Or, as mentioned earlier, we can assign an OR a level of trust commensurate with its age? (Admittedly, this may increase security at the expense of delayed benefit of new ORs) Either of these tactics may help to make such an attack more expensive and/or less effective. Seems better than doing nothing. Thoughts? -- http://www.fastmail.fm - Faster than the air-speed velocity of an unladen european swallow *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
