Re: [tor-relays] Two research groups studying onion services and running relays

2017-08-09 Thread Roger Dingledine
On Thu, Aug 10, 2017 at 12:15:00AM +, nusenu wrote:
> Isn't that more relevant to HS operators than relay operators?

No, not really. The relay operator community is the one with standards and
consensuses about what counts as a well-behaving relay, and what kinds of
"groups of relays that might look like a Sybil attack" are acceptable,
and (related to the Sybils) how much of the network any one entity
should control.

> > I want to let you know about two upcoming research projects by academic
> > research groups. The tl;dr is that they're running relays to do certain
> > measurements, and so far as we can tell the proposed methodology is
> > safe enough and worthwhile enough, but we invite you (and everybody)
> > to evaluate it too.
> 
> Do you review the design and implementation or design only?

Design only. There's an argument to be made for looking at the code
too, but if I wanted to do that correctly, I would want to observe the
deployment as well, and go check out the configuration of the machines,
and interview the grad students who will be handling the data sets,
and etc etc. I'm not sure where to draw the line, but assessing what
they plan to do seems like a reasonable choice.

> > In particular, check out cases 2017-02 and 2017-03. They have each
> > put up a web page explaining their research project and why it's safe,
> > and listing which relays are associated with the research.
> > http://tor.ccs.neu.edu/
> 
> Trying to access this page via https times out.
> https would be appreciated.

I noticed that too, but I guess not everybody is on the Let's Encrypt
bandwagon yet. :)

> http://tor.ccs.neu.edu/safety-board.pdf wrote:
> > An adversary compromising  $n-1$   HSDir servers   
> > cannot infer anything about counters or onion addresses.
> 
> If you design a system with these properties
> shouldn't the ISP also be part of your threat model?
> (especially with what we observed lately in FR)

I think that's why they have three different locations (operated by
three different research groups) for the relays.

But oh hey, you're right, it looks like their implementation was simply
to have three different research groups all run relays at the same ISP. :(

Especially when they're all on VMs, it becomes a more straightforward
exercise than I think they realize for the ISP to just go suck out all
the memory of these systems.

> Does the stated geo-diversity relate to the entities operating the
> measurement nodes or the location of the measurement nodes themselves?
> (I guess it is the former)
> 
> If the list of fingerprints at http://tor.ccs.neu.edu/
> is in fact complete and Maxmind has proper IP-to-AS data for these IPs
> than _all_ participating measurement servers are hosted using a
> _single_ hoster.

Yes, it sure looks like this is the case.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Two research groups studying onion services and running relays

2017-08-09 Thread nusenu
Roger Dingledine:
> Hi relay operators!

Isn't that more relevant to HS operators than relay operators?


> I want to let you know about two upcoming research projects by academic
> research groups. The tl;dr is that they're running relays to do certain
> measurements, and so far as we can tell the proposed methodology is
> safe enough and worthwhile enough, but we invite you (and everybody)
> to evaluate it too.

Do you review the design and implementation or design only?


> In particular, check out cases 2017-02 and 2017-03. They have each
> put up a web page explaining their research project and why it's safe,
> and listing which relays are associated with the research.
> http://tor.ccs.neu.edu/

Trying to access this page via https times out.
https would be appreciated.


http://tor.ccs.neu.edu/safety-board.pdf wrote:
> An adversary compromising  $n-1$   HSDir servers   
> cannot infer anything about counters or onion addresses.

If you design a system with these properties
shouldn't the ISP also be part of your threat model?
(especially with what we observed lately in FR)

[...]
> Again, we run relays controlled by three different entities over two 
> continents
> with different jurisdictions, so avoid coerced disclosure of data.

Does the stated geo-diversity relate to the entities operating the
measurement nodes or the location of the measurement nodes themselves?
(I guess it is the former)

If the list of fingerprints at http://tor.ccs.neu.edu/
is in fact complete and Maxmind has proper IP-to-AS data for these IPs
than _all_ participating measurement servers are hosted using a
_single_ hoster.

http://tor.ccs.neu.edu/ wrote:
> Experiment Status: OFF
> We are not running our relays and experiments now.

At least the relays seem to be running.

Please publish the timeframe during which you will measure (like
https://onionpop.github.io/ does) so HS operators who want to opt-out
can shutdown their onions during that time if they wish to do so.


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays