On Fri, 19 Nov 2010, Theodore Bagwell wrote:
On Fri, 19 Nov 2010 08:11 -0500, "Paul Syverson"
<[email protected]> wrote:
Your reactions are good. It's just that many people have had the
same reactions so we've explored this, and nobody in all of the research
done has yet produced a viable version of what you suggest.
The nature of the attack outlined in the paper is expensive. The paper
suggests rapid deployment, collection of data, and undeployment. The
longer the interloping system runs, the more it costs.
I don't think it sounds expensive at all - I suspect a private individual
could ramp this up for $10k per month or less. It's not chump change, but
it's not exactly at the nation-state level either...
(I am thinking of Amazon EC instances, etc.)
Perhaps, at a network level, we can detect a sudden massive deployment
of ORs and mark them as suspicious?
Or, as mentioned earlier, we can assign an OR a level of trust
commensurate with its age? (Admittedly, this may increase security at
the expense of delayed benefit of new ORs)
Isn't this problem an obvious "web of trust" application ? Can't this be
solved by a pgp-style web of trust ?
I don't like the idea of solving it this way because I rather like running
my tor node(s) in complete anonymity, so it's not something I necessarily
want to be involved in ... but theoretically, that would solve it, no ?
***********************************************************************
To unsubscribe, send an e-mail to [email protected] with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
