The cheap low risk node majority attack, pki, geoip, etc

Steve Kinney admin at pilobilus.net
Wed Jun 8 12:24:25 PDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 06/08/2016 12:48 AM, grarpamp wrote:
> On 6/7/16, Steve Kinney <admin at pilobilus.net> wrote:
>>> And a bunch more lines to include attributes as to "verified to
>>> be a human node operator in person" pki web of trust into the
> 
>> Making users prove they are human without disclosing any
>> personally identifying information is not an easy task.  As far
>> as I know, nobody
> 
> Did not say "users". I said "operators", ie: relays. For which
> there are 1000 exits and 7000 relays. For which single humans run
> subgroups of them. For which users, operators, etc worldwide could 
> have keysigining parties with them, inject that into the consensus,
> and give knobs to "users". Which is for some users a far better
> option and cost raiser than dirt cheap govt / adversary VPS of...
> 
> 1150 "router (Unnamed|default|ididnteditheconfig)" with no contact
> info.

Something like that did cross my mind, and I'm glad you expanded on
the theme.  Here we see the difference between a "protocol" as defined
in software, and a "protocol" for face to face human interaction.  In
theory, the approach outlined above would make a network like TOR
orders of magnitude more effective.

But a problem remains:  Software based solutions are easy to deploy,
"just do it."  End users who know something happened (likely a small
minority, unless the changes degrade service) can keep using, drop
out, or fork the project.  Meatspace based solutions are hard:  They
require the informed participation of /numerous/ geographically
dispersed participants.  Compare the case of the PGP web of trust:  It
only works if a critical mass of well informed, proactive end users
make it work.

Getting enough TOR users to do real work in the real world to register
themselves as TOR users sounds like a non-starter to me.

:o/





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXWHDpAAoJEECU6c5XzmuqNFMIAMuOzSukl9tqMvM0EvFjPRfy
M+DFaujsWbwme+zc6qlHxqAVmD7VmXlvyJ9KqKBHitRg1mV8fmsTCy9pFqd0lzsP
zR0DRYN2nCk0dkR1WA3kkwu2VoaQqXP4PfQabxJbN9dMVpNBfSrzfxKI0XClJ4Hf
bnHgehnqKjPRXbAiznsLWgJ3SKGqW8vBc9GEA2fBzGY6NmyVZaTXpp4AM28aT6Eg
gCXSOtKFXWJU9xm4x4Rd32ujsKnqJdO9+bscbbr5tLDR+g2gvbNOSqjboIyjJ6zw
qWlp+BinZe6EIiW9BGRrt+m6AGFCEgBL1PkYlD9ovVQ8Varb8Tdg+pAzvKgj7mw=
=LbIM
-----END PGP SIGNATURE-----



More information about the cypherpunks mailing list