> On 12/21/11, Fabio Pietrosanti (naif) <[email protected]> wrote: > > A lot more than I'm willing to critique. My suggestions are > > Add a PHASE-0.5: Email out requests for permission to scan & > permission to publish the scan results to all tor node contact > addresses > > PHASE-1: b) Portscan all Tor Router>> that we have received permission > to scan<<, save it via XML > > PHASE-2: f) Publish the Statistics result Summary>> for the nodes that > we have received permission to publish stats<< > > PHASE-4: remove all nodes from the concensus that do not meet the new > Tor security standards > > Just drop the ethically-challenged hacker mindset & ask > for permission to scan as well as permission to publish.
Not every ones ethics are the same as yours. That doesn't mean they are ethically-challenged. That being said the proposal may work. The question is what percentage of nodes have valid and up to date email addresses and would respond? Some of us have been running a Tor node for years. Not having a valid up to date email does not mean these systems are insecure. Debian makes it very easy to run and update a Tor node. It may not have a huge impact on the network. I think the best approach is to send off an email with the new proposal to all node operators. See what the response is from the node operators. Let node operators know if they do not explicitly opt out they may be included by default in the scans if the percentage of nodes that respond is not sufficient. What we want is a response from every node operator either way though so we can judge. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
