> It's interesting to reduce the HS path length, but that would reduce > the length of the chain that the adversary has to walk, which is bad :/
Yeah, security in this attack model pushes towards a long path. > The rendezvous model is a bit restricting isn't it :( Agreed, modifying path selection just raises the attack time and effort some (although that “some” is a real improvement IMHO). Clearly users with a powerful global adversary should be able to survive eventual compromise of a server. It might be fun to build a system that would provide fault tolerance and protect the private HS information against individual server compromise. “Survivable HSes”? This seems doable :-) Cheers, Aaron _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
