Hi Yuhao!

Some of the things Tor does (e.g. public list of nodes) are because
it's relatively easy to attack if you try and not do it that way.  For
example:

On 13 March 2014 15:08, Yuhao Dong <[email protected]> wrote:
>       - No public list of all node addresses; this makes determining
>       whether certain traffic is Oor traffic much harder. More at the next
>       bulletpoint
>    ...
>    - Blanket blacklist attacks by censors. Censors can poll the directory
>    and block all ordinary Tor nodes. (obfsproxy) bridges are a workaround.
>       - Oor's directory maintains a *graph* of all nodes. Each node knows
>       the public keys of all the other nodes, but each node only knows the
>       addresses of *adjacent* nodes.


An attacker could enumerate all exit nodes by simply building lots of
circuits and connecting to a website they control, noting the origin
IPs.

Similarly, I'm assuming you're allowing users to run nodes, in which
case I can stand up node after node (or keep generating new node
identities) and record the addresses of the nodes I am connected to.

I'm also assuming there is some central directory in the middle that
nodes connect to and provide their identity key and address?  And then
when you start up a node, it will give you your 'neighboring' nodes?

-tom
_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
