Delivery-Date: Mon, 25 Jan 2016 15:15:18 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id D207D1E3038;
	Mon, 25 Jan 2016 15:15:16 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5050F24754;
	Mon, 25 Jan 2016 20:15:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 533A224218
 for <tor-talk@lists.torproject.org>; Mon, 25 Jan 2016 20:15:08 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0dqnY-Ks3WWB for <tor-talk@lists.torproject.org>;
 Mon, 25 Jan 2016 20:15:08 +0000 (UTC)
Received: from forward13h.cmail.yandex.net (forward13h.cmail.yandex.net
 [IPv6:2a02:6b8:0:f35::9e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 1879726553
 for <tor-talk@lists.torproject.org>; Mon, 25 Jan 2016 20:15:08 +0000 (UTC)
X-Greylist: delayed 324 seconds by postgrey-1.34 at eugeni;
 Mon, 25 Jan 2016 20:15:08 UTC
Received: from web9h.yandex.ru (web9h.yandex.ru [IPv6:2a02:6b8:0:f05::19])
 by forward13h.cmail.yandex.net (Yandex) with ESMTP id 56AEC20F17
 for <tor-talk@lists.torproject.org>; Mon, 25 Jan 2016 23:09:39 +0300 (MSK)
Received: from 127.0.0.1 (localhost [127.0.0.1])
 by web9h.yandex.ru (Yandex) with ESMTP id F16BB4B40D05;
 Mon, 25 Jan 2016 23:09:38 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail;
 t=1453752579; bh=mIo8alBZzea5ZqGhjtKwI9XPvU4aOaqbT+55wyrQWd8=;
 h=From:To:Subject:Date;
 b=nCQlFwgSiX9Vg/PJC/RbP5kZ/lJ2zAhUV6AIaYOPh0YnodlCqc9syHvzFEbkux9GT
 1V7BgjUfn2zYpxMKpu/SV7xwunlmA9S6SOhOtou2M4J5N3/Y2VUOmazylf8cnnfw2j
 WgnCSwaYYcGUu/sZb22Lc5+pyVz76RDn3bcBho5g=
Received: by web9h.yandex.ru with HTTP;
	Mon, 25 Jan 2016 23:09:37 +0300
From: Cain Ungothep <ungocain@yandex.com>
To: tor-talk@lists.torproject.org
MIME-Version: 1.0
Message-Id: <1484141453752577@web9h.yandex.ru>
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Date: Mon, 25 Jan 2016 21:09:37 +0100
Subject: Re: [tor-talk] A multi-layer proof of work system to solve the
	Tor/CloudFlare problem?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi, I like your idea but have some criticism to make regarding what you
consider users of the Tor network.

> That way a normal web client, normally browsing a website, would not be
> impacted from end-user experience, but any automated system (the ones causing
> problems to Cloudflare)

Why can't people separate Tor from Tor Browser in their minds?  Tor is a
network transport.  Not all Tor users are lusers sitting behind Tor Browser,
clicking things.

For example I have a system-wide Tor daemon, and I use it for a variety of
different non-interactive things, like news reader updates, automatic source
code fetches, web-api-related requests, and other cronjobs.  I am not the only
one.  Shitflare also affects completely reasonable automatic non-interactive
uses like that.

In fact the Great Firewall of Shitflare completely fucks every hope of
composability of their clients' web sites.

> would get hit by a huge increase in the
> computational resources required to make such massive attacks.
>
>[snip]
>
> At that stage Cloudflare, instead of using a Captcha, could also
> implement an independent Javascript Proof of Work system,

No.  Javascript in the browsers is shit. Shit for security, shit for privacy.
I consider requiring Javascript for fundamental functionality an affront.

> to be applied at Application Level and run on Tor Browser,

Ditto about Tor vs. Tor Browser.  Though a neutral _protocol_ (a remote API)
to request and submit the PoW could be workable.

>[snip]
>
> Maybe it's a bad idea, but the key to be addressed is imho:
> - reducing the automated attacks from Tor netwok by increasing it's
> costs while leaving intact the end-user experience on Tor Browser

Ditto, Tor != Tor Browser.

Cheers.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

