Changes between Version 35 and Version 36 of TorWeeklyNews/2014/33

Aug 19, 2014, 10:18:33 AM (6 years ago)

add more misc


  • TorWeeklyNews/2014/33

    v35 v36  
    1212Welcome to the thirty-third issue of Tor Weekly News in 2014, the weekly
    13 newsletter that covers what is happening in the XXX Tor community.
     13newsletter that covers what is happening in the Tor community.
    1515Tor Browser 3.6.4 and 4.0-alpha-1 are out
    5757 [XXX]:
    59 The Tor network doesn't support addressing relays by name anymore
    60 -----------------------------------------------------------------
    62 Since the very first versions of Tor [XXX], relay operators have been
    63 able specify “nicknames” for their relays. Such nicknames were initially
    64 meant to be unique accross the network, and operators of directory
    65 authorities would manually “bind” a relay identity key after verifying
    66 the nickname. The process became formalized with the “Named” flag
    67 introduced in the 0.1.1 series [XXX], and latter automated with the
    68 0.2.0 series. If a relay held a unique nickname for long enough, the
    69 authority would recognize the binding, and subsequently reserve the name
    70 for half a year.
    72 Nicknames are useful because it appears humans are not very good at
    73 thinking using long strings of random bits. Initially, they made it
    74 possible to understand what was happening in the network more easily,
    75 and to address a specific relay in a shorter way. Having two relays with
    76 the same nickname in the whole network is not really problematic when
    77 one is looking at nodes, or a list on Globe [XXX] as relays can always
    78 be differentiated by their IP addresses or identity keys.
    80 But complications start when nicknames are used to specify a relay and
    81 not another. If the wrong relay get selected, then it can become a
    82 security risk. Even if a good amount of efforts [XXX] have been spent
    83 trying to improve the situation, properly enforcing uniqueness has
    84 always been problematic and a burden for the few directory authorities
    85 handling naming.
    87 Back in April, “Heartblead” [XXX] forced many relays to switch to a new
    88 identity key, thus loosing their “Named” flag. Because this meant that
    89 anyone addressing relays with nickname would now have a hard time
    90 continuing to do so, this was seen by Sebastian Hahn as the opportunity
    91 to get rid of the idea entirely [XXX].
    93 This week, Sebastian wrote [XXX]: “Code review down to 0.2.3.x has shown
    94 that the naming-related code hasn't changed much at all, and no issues
    95 were found which would mean a Named-flag free consensus would cause any
    96 problems. gabelmoo and tor26 have stopped acting as Naming Directory
    97 Authorities, and — pending any issues — will stay that way.”
    99 This mans that addressing relays by nicknames has now stopped working.
    100 “If you — in your Tor configuration file — refer to any relay by name
    101 and not by identity hash, please change that immediately. Future
    102 versions of Tor will not support using names in the configuration at
    103 all”, warns Sebastian [XXX].
    105  [XXX]:
    106  [XXX]:
    107  [XXX]:
    108  [XXX]:
    109  [XXX]:
    110  [XXX]:
    111  [XXX]:
    112  [XXX]:
    114 Monthly status reports for XXX month 2014
    115 -----------------------------------------
    117 The wave of regular monthly reports from Tor project members for the
    118 month of XXX has begun. XXX released his report first [XXX], followed
    119 by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
    121  [XXX]:
    122  [XXX]:
    123  [XXX]:
    124  [XXX]:
    12659Miscellaneous news
     62meejah announced [XXX] the release of version 0.11.0 of txtorcon, a
     63Twisted-based Python controller library for Tor. This release brings
     64several API improvements; see meejah’s message for full release notes
     65and instructions on how to download it.
     67 [XXX]:
     69Nick Mathewson asked for comments [XXX] on Trunnel, “a little tool to
     70automatically generate binary encoding and parsing code based on
     71C-like structure descriptions” intended to prevent Heartbleed-style
     72vulnerabilities from creeping into Tor’s binary-parsing code in C. “My
     73open questions are: Is this a good idea? Is it a good idea to use this
     74in Tor? Are there any tricky bugs left in the generated code? What am I
     75forgetting to think of?”, wrote Nick.
     77 [XXX]:
     79Arturo Filastò requested feedback [XXX] on some proposed changes to
     80the format of the “test deck” used by ooni-probe, the main project of
     81the Open Observatory of Network Interference. “A test deck is basically
     82a way of telling it ‘Run this list of OONI tests with these inputs and
     83by the way be sure you also set these options properly when doing
     84so’…This new format is supposed to overcome some of the limitations of
     85the old design and we hope that a major redesign will not be needed in
     86the near future”, wrote Arturo.
     88 [XXX]:
    12990Tor’s importance to users who are at risk, for a variety of reasons,
    130 makes it an attractive target for creators of malware who distribute
     91makes it an attractive target for creators of malware, who distribute
    13192fake or modified versions of Tor software for malicious purposes.
    13293Following a recent report of a fake Tor Browser in circulation, Julien
    139100 [XXX]:
    141 Item 2 with cited source [XXX].
     102Arlo Breault submitted a status report for July [XXX].
    143 Item 3 with cited source [XXX].
    145  [XXX]:
    146  [XXX]:
    147  [XXX]:
     104 [XXX]:
    149106Tor help desk roundup
    201 This issue of Tor Weekly News has been assembled by XXX, Matt Pagan,
    202 Sebastian Hahn and Ximin Luo.
     158This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
    204161Want to continue reading TWN? Please help us create this newsletter.
    214 * (''Not sure how to write this, I wish dcf could provide a short writeup -- Lunar'')  Tor-related talks at [ Def Con 22], August 7–10, 2014 in Las Vegas:
     171* Tor-related talks at [ Def Con 22], August 7–10, 2014 in Las Vegas:
    215172  * [ Don’t Fuck It Up] ([ slides], temporary URL) by Zoz. Zoz talked about how to use Tor and other tools to keep safe while practicing civil disobedience.
    216173  * [ Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring] ([ slides], [ Ars Technica]) by Ryan Lackey, Marc Rogers, and the Grugq. The talk was different than what the title and abstract imply. They discussed a hardware "travel router" running Tor and pluggable transports (see pages 24 ff. of the slides).
    219176    [ Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
    220177* Guard nodes and network down events
    221 * Feedback on new OONI test deck format
    222 * RFC: Trunnel -- a binary parser generator for Tor and more
    223 * Arlo's July 2014
     178* gabelmoo and tor26 have stopped acting as Naming Directory Authorities letter for users ''should be a feature''
    224179* Last round of GSoC reports:
    225180  - Revamp GetTor
    232187  - HTTPS Everywhere
    233188  - PT transport combiner
    234 * txtorcon 0.11.0
    235 * Aphex Twin Announces New Album SYRO on Tor Hidden Service: http://syro2eznzea2xbpi.onion