-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I hope I don't sound too pompous saying this, but I really don't think relays should run on Windows. Windows is the primary target of weaponized and general exploits, and it's less secure than a properly configured Unix distribution. People running nodes, especially exit nodes, have a responsibility to their users, and I just don't think Windows is the best choice in that regard.
This is especially relevant with potential adversaries like the Chinese government, who can buy Windows exploits that can't be prevented by user configuration, and can't be recognized by public auditors because of the closed source code. Market *nix exploits also exist, but (IIRC) they're much rarer and less expensive. It's possible that I'm wrong, though. Let me know if Windows is more secure than I think. Libertas On 11/05/2014 11:15 AM, Tom Ritter wrote: > On 5 November 2014 03:04, grarpamp <grarp...@gmail.com> wrote: >> On Tue, Nov 4, 2014 at 12:25 PM, Libertas <liber...@mykolab.com> >> wrote: >>> I think it would be a good idea to add OpenBSD to doc/TUNING >>> because [...] promoting OpenBSD relays benefits the Tor >>> network's security. >> >> Absolutely. Not just due to OpenBSD's security positioning, but >> moreso from network diversity. Windows is its own world. > > I tried installing OpenBSD once... it was tough, heh. > > Coming from a Windows background, I like the idea of running more > nodes on (up-to-date, maintained) Windows servers. > > I'll also throw out the obvious that if we're talking about > diversity for the purposes of security, the network-accessible > parts of tor rely on OpenSSL, which would probably be difficult to > swap out, but might be worth it as an experiment. Even if it's to > LibreSSL. Maybe the zlib library also, but that one's had a lot > fewer problems than OpenSSL. > > -tom _______________________________________________ tor-relays > mailing list tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUWmSgAAoJELxHvGCsI27NfukP/ie52CTXDH4sKGjArvPTeJZM 6IsZWmjobAfS+WzzfUGj0n2bPLgPF7t63532H5FVdZpdtYpKW1CfD9N2JIQ+QU/Y JtLjfUt94a98PyRj1K4+aCS7EhpCyrL6/xuOUuBe+7mtAOSSbMzItD85TEepMG6M foRTGgkYBLpfsHhi+UglA0MQGrR1TFK9uXlza7mEJKP+dll1ihjrYxf5HgP0wbXY j2TAXg319ldW1VddynJyux7cP0hiZ4yc8i5VvSwqPHe8BDc+MHy96gbqwLam3/XD yOkUNjItfcHfQfBCZh5F8S/qTKV7YJGD12EdBPclHkRCGULQ/gu2awVVEluWe/Q8 uYcYJKvG1BONr5/6ycIUUFVtWgZKnNrA+88bVkndvyAwqgTVcaJPYjj9yKemHysa xNyJYY3/DkiJa3UaLqZVzahe8HJYSanglWecIk/Jhk8JATS/dgca/ETaBWiJlTsC lC+vDj93wB7NxVdMdcnbeQZynTD38midDHJ+VYglMJuApCNils4OOJgI4D+5VJhQ 4xkOuBoNRFAsRqsXIzmUX3/5DkpJWCGL2rRxyqwXO1BRSck8ri6EOZ5jxJAznFoG izb2ykPPWWCemf/JaVPQLKPbahA4nvTIT0IH7PFgmg3ShDi6eU2fBWxJVwpNalOd 4FooMwRuainfoP+PGWm/ =Qa6H -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
