[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] understanding client side enforced families ('NodeFamily' parameter)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I'd like to properly understand the implications of tor's 'NodeFamily'
config option and if there is a DirAuth enforcable config option
similar to this client side option (something I did not find in the
man page yet).

names convention I'm using in this email

* undeclared family
a confirmed (by the operator) or likely group of relays operated by a
single entity or group

* declared family
a family defined by the list of fingerprints a given relay publishes
in the family line of its descriptor (for simplicity we assume there
are only fingerprints and ignore everything else).

* effective family
the overlapping list of fingerprints between declared family and
mutually agreed relationships. The effective family might be smaller
(in terms of element count) or equal but never bigger than the
declared family.

* client family
family defined by the list of fingerprints configured on a tor client
via 'NodeFamily'

* real effective family
the set of fingerprints considered to be in family after evaluating
effective families and NodeFamily torrc config lines


I assume a tor client becomes more unique as soon as he uses the
NodeFamily option but this "uniqueness" is expected to be hardly
measurable as long as NodeFamily is used reasonably (and the risks of
using multiple relays from a given undeclared family are expected to
be greater than this newly introduced uniqueness).

Questions

- - Is it possible to (accidentally) reduce the size (by element count)
of a real effective family by using NodeFamily or is the real
effective family size always the bigger of size(effective family) and
size(client family)?

Example:
effective family is: A, B, C, D
NodeFamily (accidentally) is: A, B

What is the resulting real effective family?
1) real eff. family = A, B, C, D
or
2) 	real eff. fam1 = A, B;
	rea eff. fam2 = C, D;


- - Is it possible to (accidentally) create real effective families by
using NodeFamily that are bigger than size(effective family) or
size(client family)? (That implies that client families have the power
to link multiple families into one even though the client family only
lists a subset of thouse.)

Example:
eff. family1 = A, B, C
eff. family2 = B, C, D

A and D are not in the same family, is this still true after setting
NodeFamily: B, C
or
NodeFamily: A, B


thanks,
nusenu





-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVcuCpAAoJEFv7XvVCELh0pYwP/RkYY/8iYGdp0NWezmxZo5Fh
LBUrbQ2JvHI3xtk74+uHHMorO4w6JDRt4+xeXqSow9jZh2gvMBwTeQEGr9PfOujD
oujNm9zE/u7jwv4F3t9fwcdIuLVqFfTuWMLg4HhYD6theTjkVmevSJmbvPSlGKE2
NFGYhqyQSssvgyJOieBXVVeXYWtq8Iqai3yQtHD7gCmgqGTDhBuLdNi8tBu33pD3
JASgdu+uEaYr1J2zSRnDmi4VCQPCT7nn+GGi73X5tQf47OdLaq0f/M71HkslUIoJ
eUJPAMwx1nTLV5geSc7K1+TLAwN0n97ZTYfCi/VugsndUvnOIi7+feEPrNde68BI
ST7nJK04c4EhV0u1LplecOWH7f6SRT/WvdwiNIGbU94UFYORlW9okJfvAbUEzykK
YVdh8qieRpYfsxJ3Ce9ClsZKS48p3pMUKopE7dCPiQcl5N5u26BgPKfAMtwN5ans
38xW7n0YshyeEM0mhj3bpKqpA9EAaXohXT1+P5kkBtrMZspLgGDR86QVTwQIZyb7
gGyEtS3QziClvou0GC6OtEDs+7l3zU7K8nQGyAGlZbt8cKRXCot8MPVsDrpWR944
Pjl8eeBC/oMVjFRya0LpXxJ3CKNnOVjlIL819ziQ+myYAyPocd0bF4hb5ER2318v
Wx3wmKKQUAmP1N5zIQIP
=KOMO
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk