[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tor-dev
Subject:    Re: [tor-dev] putting 'Nuke MyFamily' to vote (#6676)
From:       Virgil Griffith <i () virgil ! gr>
Date:       2016-04-17 5:45:19
Message-ID: CADop2NFSTwWU3w-g=f8ppSgU_6LWcRBOhecJovQsXr4Y+VTz4g () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


We'd obviously lose some connections if we lost MyFamily.  And I'd prefer
not to lose them.  However, if there's other needs which require the nuking
of MyFamily, my/Roster's world would not end.

-V

On Sunday, 17 April 2016, Tim Wilson-Brown - teor <teor2345@gmail.com>
wrote:

>
> > On 16 Apr 2016, at 17:13, Virgil Griffith <i@virgil.gr <javascript:;>>
> wrote:
> >
> > I'm not wholly in favor of keeping MyFamily in its current form.  In
> Roster we simply need a way to identify when two relays are owned by the
> same operator.  Worst comes to worst we could use the email address in the
> ContactInfo, or some such.
>
> Some operators use a variant email address or ContactInfo for each relay,
> although these are in the minority.
> Others don't have any ContactInfo at all.
> I'm not sure whether any of these relays declare MyFamily or not, I'd have
> to check.
>
> I'd like to know how many relay associations we'd lose in the current
> network by removing MyFamily before we make a decision.
>
> > There have been proposals to do more creative signature schemes for
> MyFamily ownership.  This would also be a satisfactory solution.
>
> I wonder if this kind of complexity would be worth it.
> Do we gain much over the current system by using a signature scheme?
> (Apart from making large families shorter and easier to administer, at the
> cost of making small families longer.)
>
> > In summary, my world would not end if MyFamily ceased to exist----we'd
> simply use the ContactInfo for family membership.  Obviously family
> membership then becomes spoofable, but perhaps who cares?
>
> It makes some difference for fallback directories, where we use a
> combination of family, contact, and IP to work out which relays are more
> likely to go down at the same time.
>
> I also wonder about the impact on path selection and client security -
> even an honest operator can have their relays compromised or be compelled
> to provide information.
>
> Tim
>
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
> ricochet:ekmygaiu4rzgsk6n
>
>
>
>

[Attachment #5 (text/html)]

We&#39;d obviously lose some connections if we lost MyFamily.   And I&#39;d prefer \
not to lose them.   However, if there&#39;s other needs which require the nuking of \
MyFamily, my/Roster&#39;s  world would not \
end.<div><br></div><div>-V<span></span><br><br>On Sunday, 17 April 2016, Tim \
Wilson-Brown - teor &lt;<a \
href="mailto:teor2345@gmail.com">teor2345@gmail.com</a>&gt; wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><br> &gt; On 16 Apr 2016, at 17:13, Virgil Griffith &lt;<a \
href="javascript:;" onclick="_e(event, &#39;cvml&#39;, \
&#39;i@virgil.gr&#39;)">i@virgil.gr</a>&gt; wrote:<br> &gt;<br>
&gt; I&#39;m not wholly in favor of keeping MyFamily in its current form.   In Roster \
we simply need a way to identify when two relays are owned by the same operator.   \
Worst comes to worst we could use the email address in the ContactInfo, or some \
such.<br> <br>
Some operators use a variant email address or ContactInfo for each relay, although \
these are in the minority.<br> Others don&#39;t have any ContactInfo at all.<br>
I&#39;m not sure whether any of these relays declare MyFamily or not, I&#39;d have to \
check.<br> <br>
I&#39;d like to know how many relay associations we&#39;d lose in the current network \
by removing MyFamily before we make a decision.<br> <br>
&gt; There have been proposals to do more creative signature schemes for MyFamily \
ownership.   This would also be a satisfactory solution.<br> <br>
I wonder if this kind of complexity would be worth it.<br>
Do we gain much over the current system by using a signature scheme?<br>
(Apart from making large families shorter and easier to administer, at the cost of \
making small families longer.)<br> <br>
&gt; In summary, my world would not end if MyFamily ceased to exist----we&#39;d \
simply use the ContactInfo for family membership.   Obviously family membership then \
becomes spoofable, but perhaps who cares?<br> <br>
It makes some difference for fallback directories, where we use a combination of \
family, contact, and IP to work out which relays are more likely to go down at the \
same time.<br> <br>
I also wonder about the impact on path selection and client security - even an honest \
operator can have their relays compromised or be compelled to provide \
information.<br> <br>
Tim<br>
<br>
<br>
Tim Wilson-Brown (teor)<br>
<br>
teor2345 at gmail dot com<br>
PGP 968F094B<br>
ricochet:ekmygaiu4rzgsk6n<br>
<br>
<br>
<br>
</blockquote></div>



_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic