Message-ID: <5472AD18.6060502@gna.org>
Date: Mon, 24 Nov 2014 16:59:20 +1300
From: Christian Gagneraud <chgans@gna.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Propsal for decentralization of the Tor network

On 24/11/2014 4:17 p.m., Gregory Maxwell wrote:
> On Mon, Nov 24, 2014 at 3:03 AM, Cari Machet <carimachet@gmail.com> wrote:
>> prove decentralization creates vulnerability to a larger degree than
>> centralization
>
> You haven't specified the decentralization mechanism.  So I guess I get to pick?
>
> Okay. Instead of believing the directory authority signatures, instead
> you have nodes connect out to as many nodes as they can find, and add
> any entry returned by a majority of nodes to their local directory.
>
> Oops. The attacker is a local network and only lets them connect out
> to their own nodes, which perform a sybil attack and limit the tor
> client's view to just the attackers hosts.  Client security is lost
> completely.

Isn't that how I2P works [1], with maybe the exception of bootstrapping,
where you need data from an existing (trusted) node?

[5 minutes later]

Actually according to [2]:
"We currently have not implemented any particular technique to address 
Sybil, but do include placeholder certificates in the router's and 
destination's data structures which can contain a HashCash certificate 
of appropriate value when necessary (or some other certificate proving 
scarcity)."

My 2 cents,
Chris

[1] https://geti2p.net/en/docs/how/network-database
[2] https://geti2p.net/en/docs/how/threat-model#sybil

>
> Q.E.D. ...
>
> There are many ways you can go about trying to be 'decentralized';
> most are _profoundly_ insecure in an active adversary's attack model.
> Usually the main failure mode is inadequate sybil resistance.
>
> This isn't to say that I don't think useful things are possible,  I
> don't know. I have not seen a proposal which even makes an argument
> for its own security for this application. Saying "decentralized" is
> easy, tendering a concrete proposal which achieves useful security
> properties is much harder.  And "decentralized" isn't something that
> can be deployed or analyzed for its security, specific concrete
> proposals are.
>
> Incidentally,
>
>> Ruh-roh, this is now necessary: This email is intended only for the
>> addressee(s) and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use of this
>> information, dissemination, distribution, or copying of this email without
>> permission is strictly prohibited.
>
> If you don't want your emails being made public you should consider
> not sending them to a public mailing list.
>
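
Added example (not part of the original email, and not Tor or I2P code): a toy model of the majority-of-peers directory rule described in the quoted text, beside a rule that accepts an entry only when enough pinned authority keys have signed it. Relay names, the 3-of-5 threshold, and HMAC standing in for public-key signatures are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample data: relay names, keys and the 3-of-5 threshold are assumptions.
HONEST = {"relayA", "relayB", "relayC"}
SYBIL = {"evil1", "evil2", "evil3"}
AUTH_KEYS = {f"auth{i}": bytes([i]) * 32 for i in range(1, 6)}  # pinned in the client

def sign(key, entry):
    # HMAC stands in for a public-key signature so the example is stdlib-only.
    return hmac.new(key, entry.encode(), hashlib.sha256).digest()

def majority_directory(peer_views):
    """Accept any entry returned by a majority of the peers the client reached."""
    counts = Counter(e for view in peer_views for e in set(view))
    return {e for e, n in counts.items() if n > len(peer_views) / 2}

def signed_directory(offers, threshold=3):
    """Accept an entry only if >= threshold pinned authorities signed it."""
    accepted = set()
    for entry, sigs in offers:
        valid = sum(
            1 for name, sig in sigs.items()
            if name in AUTH_KEYS
            and hmac.compare_digest(sig, sign(AUTH_KEYS[name], entry))
        )
        if valid >= threshold:
            accepted.add(entry)
    return accepted

def open_network_views():
    # Unfiltered client: 5 honest peers and 2 attacker peers answer.
    return [sorted(HONEST)] * 5 + [sorted(SYBIL)] * 2

def eclipsed_views():
    # Local network only permits connections to the attacker's own peers.
    return [sorted(SYBIL)] * 4

def eclipsed_offers():
    # Attacker can relay genuine signed entries but cannot sign its own.
    forged = {name: b"\x00" * 32 for name in AUTH_KEYS}
    genuine = {name: sign(key, "relayA") for name, key in AUTH_KEYS.items()}
    return [("evil1", forged), ("relayA", genuine)]

if __name__ == "__main__":
    print("majority, open:    ", sorted(majority_directory(open_network_views())))
    print("majority, eclipsed:", sorted(majority_directory(eclipsed_views())))
    print("signed, eclipsed:  ", sorted(signed_directory(eclipsed_offers())))
```

Under the signed rule the filtering network can still withhold or delay entries, but it cannot add its own to the client's directory.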

