Delivery-Date: Sun, 21 Sep 2014 21:28:07 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 254EB1E0A2C;
	Sun, 21 Sep 2014 21:28:06 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id AD6682B1CA;
	Mon, 22 Sep 2014 01:27:57 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 3E53D2BC34
 for <tor-talk@lists.torproject.org>; Mon, 22 Sep 2014 01:27:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aegqmicda-P2 for <tor-talk@lists.torproject.org>;
 Mon, 22 Sep 2014 01:27:53 +0000 (UTC)
Received: from mail-vc0-x232.google.com (mail-vc0-x232.google.com
 [IPv6:2607:f8b0:400c:c03::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 12EE324081
 for <tor-talk@lists.torproject.org>; Mon, 22 Sep 2014 01:27:53 +0000 (UTC)
Received: by mail-vc0-f178.google.com with SMTP id lf12so1287270vcb.9
 for <tor-talk@lists.torproject.org>; Sun, 21 Sep 2014 18:27:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=dxu6ZLZkbJl1pyDmcF6BhoOqfzqYaYh9VGxb60KcTvQ=;
 b=r8vdkstlcskwVVZO7iLwhyNExMdC3aeiTQvJmR3cxC8kH+4KGwuvJjwTqdNZ+0LtdJ
 3r11JmAQBTxekicXipeGAQCr8cdF6XCe9SwEqkscaVxti9b85pSjF8YPZpIHCWPq/7cd
 SizbvEfLKHSWRdbzw4Dil80gRwP4Jm/f3DRL/GHlD/25GGB/bOG1PHLamdHGBT7UvBrQ
 3SUK0H6TUtudjL/d/rnFUhIeMzTmlr854u+3xfi29tofnVeoqI5ma+DLFdW0iB6DAqFJ
 /dN+/gcE/ywJB4PgqkJofPM0gDm9FYOYc0sD92YweKkI5+p3OPc6ZXjcNnvfJWz6mNUL
 Spdg==
MIME-Version: 1.0
X-Received: by 10.52.137.2 with SMTP id qe2mr13833713vdb.11.1411349270670;
 Sun, 21 Sep 2014 18:27:50 -0700 (PDT)
Received: by 10.221.64.74 with HTTP; Sun, 21 Sep 2014 18:27:50 -0700 (PDT)
In-Reply-To: <1411050624.21331.14.camel@anglachel>
References: <156b8eed2e9dc784c15c238afc028330.squirrel@bitmailendavkbec.onion>
 <CAD2Ti29evbkQ5vRJxkEbx=L+hKypUsVdZY7aFuCkktXU=xMpsA@mail.gmail.com>
 <1410994840.10492.7.camel@anglachel>
 <1411050624.21331.14.camel@anglachel>
Date: Sun, 21 Sep 2014 21:27:50 -0400
Message-ID: <CAD2Ti2936GU1vwetcJfCSGkZJ--OcugAKq5tFYE+ot_=2xX+FA@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] wake up tor devs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> scrib tedks:
> Not really, in 2004 onion routing was well-researched.

All the projects have milestone dates, knock another five years off
if that one doesn't make you happy.

> Tor is very incrementalist

So is any other project, you can't just wish project/code into
being. And everyone has their own maps.
https://geti2p.net/en/get-involved/roadmap

> Dropping something like i2p, with zero
> academic background

https://geti2p.net/en/papers/

In general: blah blah blah, we all started somewhere from the exact
same position, zero. Including Tor.


> Tails *just* got burned by i2p and wisely disabled it.

For you to be able to successfully bash any other network project,
you need to be able to show that their whitepaper design fundamentals
[1] are broken.

Pointing out cute little javascript [2] XSS holes [3] that root
your configuration system, while surely unwanted holes, is childish
for a comparative reviewer to do. They are not architectural flaws
in the overall fundamental design of the darknet itself. They are
issues in the periphery that everyone makes and that will be
fixed/rewritten in time. Tor is no stranger to this either, go look
through the security and other sections of the Tor changelog.

Further, Tor has known and unfixed de-anonymization attacks against
its hidden services, and by extension possibly out to the client
as well if the guard is evil. That's not a cute hole. And being
fair, other networks likely have similar current weaknesses.

[1] For example lacking better terms, Tor uses circuit switching
over onion routing with fixed human directory authorties at the
top, I2P uses packet switching over garlic routing with no such
central authorities.

[2] You could just as easily bash Tails or TBB here for leaving
javascript turned on.

[3] http://blog.exodusintel.com/2014/08/25/tails-from-the-cri2p/
"The approach utilizes cross-site scripting vulnerabilities along
with Javascript to reach into the internal I2P router configuration
intranet."


> Sometimes questions just have simple answers.

Some questions defeat themselves ie...

> * i2p should have attracted academics to the low-hanging fruit of
>  showing their unique routing system correct

Current trends award more rockstar for proving brokenness and treat
proving correct as academic. BTW, no one has shown Tor correct,
some show it weak to various things.

> * i2p should have attracted developers to the relatively popular
>   project of helping defeat censorship and protect privacy (there
>   are probably an order of magnitude more Java developers than C
>  developers, so i2p even has an advantage here!)

These are likely human factors, you have coders, you have salesmen,
they don't usually come in one group/person. I2P just added salesmen
by redoing their website and launching an umbrella. It's also not
so easy to say there are more java developers skilled in this
particular application space.

> * i2p should have hosted security-critical sites like the Silk
>  Road

You've clearly not spent any time in, and cataloging the contents
of, the various darknets.

> * i2p should have been used by botnets for c&c

Botherders historically think in terms of clearnet and needed exits.
There is no proof i2p is not in such use. And being a simple binary,
Tor is much easier to package and run as part of an exploit.

> * i2p should have been mentioned in some leak from some shadowy
>  security agency

Whatever. Lack != Fact.

> * The major selling point of i2p should be "proven security over
>   alterantives" rather than "developed by anonymous people" and "not
>   funded by the american government", which are secondary rather
>   than primary advantages of the software and are respectively
>   entirely uncorrelated and only weakly correlated with the
>   security of the software

Tor should as well be able to say the first quote, the third quote,
and since anyone can be on the take, even the second as well... but
it doesn't. Here's what these two projects actually say...

https://geti2p.net/en/
https://www.torproject.org/


> Further, i2p just isn't worth that treatment because it's shoddily
> developed
> ...
> the aggregate intelligence of your developer base. Unless you can argue
> the 5 contributors to i2p are geniuses

Insults do not enhance your arguments, or your friend count.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

