Delivery-Date: Wed, 30 Jul 2014 20:27:54 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A92B61E0B25;
	Wed, 30 Jul 2014 20:27:52 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id EB82C3088F;
	Thu, 31 Jul 2014 00:27:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9D4EC30831
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 00:27:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bqo88_FmXHJB for <tor-talk@lists.torproject.org>;
 Thu, 31 Jul 2014 00:27:45 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 7950E30805
 for <tor-talk@lists.torproject.org>; Thu, 31 Jul 2014 00:27:45 +0000 (UTC)
Received: from fulvetta.riseup.net (fulvetta-pn.riseup.net [10.0.1.75])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 7341558D0B
 for <tor-talk@lists.torproject.org>; Wed, 30 Jul 2014 17:27:42 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: phw@fulvetta.riseup.net)
 with ESMTPSA id EE8D82BF
Date: Wed, 30 Jul 2014 20:27:41 -0400
From: Philipp Winter <phw@nymity.ch>
To: tor-talk@lists.torproject.org
Message-ID: <20140731002741.GB16023@nymity.ch>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <53D980B1.9020009@bitmessage.ch>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <53D980B1.9020009@bitmessage.ch>
X-PGP-Fpr: B369 E7A2 18FE CEAD EB96  8C73 CF70 89E3 D7FD C0D0
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Virus-Scanned: clamav-milter 0.98.1 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Why make bad-relays a closed mailing list?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, Jul 30, 2014 at 11:33:05PM +0000, Nusenu wrote:
> I raised this question already some time ago [1] but I guess the
> discussion there ended with the busy PETS week ;)

Sorry, I must have missed that email.  First of all, thanks for your
feedback and for putting so much thought into this!

> What would be the catch with making these reports and discussion
> public? Would it help bad actors? They will eventually find out about
> the consensus changes anyway, no?

I think we need to distinguish between the report and the discussion.
Ultimately, a report that is acted upon *cannot* remain secret.  As soon
as a relay gets the BadExit flag, the operator can figure out that they
got caught.  As a result, I believe that the mere fact that a relay was
blocked (via BadExit or reject) can be published.  There is an ongoing
discussion if we should do that.

The discussion of observed malicious behaviour, however, can give the
attacker a lot of knowledge which they can exploit in order to evade
detection in the future.  Consider, for example, an HTTPS MitM attack
which targets a small number of web sites.  If somebody reports only one
of these targets, the attacker can spawn a new relay after discovery and
simply reduce the set of targeted sites in order to remain under the
radar.  This seems to be an uphill battle and it's difficult to have
full transparency without giving dedicated adversaries a big advantage.

Cheers,
Philipp
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

