Date: Mon, 25 Jan 2016 10:25:20 -0500
From: Paul Syverson <paul.syverson@nrl.navy.mil>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Using VPN less safe?

On Sun, Jan 24, 2016 at 04:13:18PM -0800, Spencer wrote:
> >
> >leave the route selection to Tor
> >
> 
> Is this that trust thing people are always talking about?
> 

A little terse to know, but onion routing is designed around diversity
of trust. Just to be clear, this does not mean 'let the Tor Project
Inc. or the Tor Director Authorities (itself a diverse set)
or... select a route and hand it to you'. It does mean 'let the Tor
software use its randomized algorithms to select a route that makes
tradeoffs of performance and security that experts have thought about'.

There are of course configuration settings so you can do differently
if you want. If anyone wants to do that, they should try to make as
informed a choice as possible and understand what the issues are. We
have made a number of mathematical and experimental analyses, policy
languages, etc. available to understand trust in route selection for
Tor or other onion routing systems, taking into account a wide range
of adversary types. The most recent published work we have on this is
"20,000 In League Under the Sea: Anonymous Communication, Trust,
MLATs, and Undersea Cables" available at
http://www.degruyter.com/view/j/popets.2015.1.issue-1/popets-2015-0002/popets-2015-0002.xml?format=INT

This is ongoing evolving research. This is not ready for deployment
for everybody's Tor clients to do their own trust-aware route
selection.  And, one of the observations of this work is that you
should probably always use the default settings unless you have
specific other adversaries in mind and understand how diverging from
the pack will affect you.  What this work will do is help people who
want to use different route selection choices to understand those
choices, and it will eventually impact the default and alternative
route selections built into the Tor software.  

It also focuses just on route selection.  Tor does other things to
diversify trust.  For example, Tor's binaries have for the last few
stable releases reflected reproducible (or deterministic) builds, which
means that people can independently verify that the officially
distributed binaries are compiled from the officially distributed
source programs. If they did not match, anyone could test and expose
that.  See
https://blog.torproject.org/category/tags/deterministic-builds

aloha,
Paul
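The independent check that reproducible builds make possible, as described in the message above, sketched as an added example (not part of the original message and not the Tor Project's own tooling). It compares a published sha256sum-style manifest against manifests from independent rebuilders; the file names, builder names and digests are constructed for illustration.

```python
import hashlib

HEX = set("0123456789abcdef")

def parse_manifest(text):
    """Parse sha256sum-style lines ('<digest>  <name>') into {name: digest}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # sha256sum writes ' ' or '*' before the name
        digest = digest.lower()
        if len(digest) != 64 or set(digest) - HEX or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest
    return entries

def compare_builds(official, rebuilds):
    """Classify each officially distributed file against independent rebuilds."""
    report = {}
    for name, digest in sorted(official.items()):
        seen = {b: m[name] for b, m in rebuilds.items() if name in m}
        differing = sorted(b for b, d in seen.items() if d != digest)
        if differing:
            report[name] = ("MISMATCH", differing)    # someone got other bytes
        elif seen:
            report[name] = ("reproduced", sorted(seen))
        else:
            report[name] = ("unverified", [])         # nobody rebuilt this file
    return report

def _h(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: hypothetical artifacts and builders.
OFFICIAL = parse_manifest(
    f"{_h(b'linux build')}  client-linux64.tar.xz\n"
    f"{_h(b'windows build')} *client-win32.exe\n"
    f"{_h(b'mac build')}  client-osx64.dmg\n"
)
REBUILDS = {
    "builder-a": parse_manifest(
        f"{_h(b'linux build')}  client-linux64.tar.xz\n"
        f"{_h(b'windows build')}  client-win32.exe\n"),
    "builder-b": parse_manifest(
        f"{_h(b'linux build')}  client-linux64.tar.xz\n"
        f"{_h(b'windows build, altered')}  client-win32.exe\n"),
}
REPORT = compare_builds(OFFICIAL, REBUILDS)

if __name__ == "__main__":
    for name, (status, builders) in REPORT.items():
        print(f"{status:<11} {name} {', '.join(builders)}")
```

A file counts as reproduced only when every rebuilder who produced it obtained the published digest; a single differing rebuild is enough to flag it for investigation.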

