Changes between Version 35 and Version 36 of TorWeeklyNews/2014/33


Ignore:
Timestamp:
Aug 19, 2014, 10:18:33 AM (6 years ago)
Author:
harmony
Comment:

add more misc

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/33

    v35 v36  
    1111
    1212Welcome to the thirty-third issue of Tor Weekly News in 2014, the weekly
    13 newsletter that covers what is happening in the XXX Tor community.
     13newsletter that covers what is happening in the Tor community.
    1414
    1515Tor Browser 3.6.4 and 4.0-alpha-1 are out
     
    5757 [XXX]: https://www.torproject.org/dist/torbrowser/
    5858
    59 The Tor network doesn't support addressing relays by name anymore
    60 -----------------------------------------------------------------
    61 
    62 Since the very first versions of Tor [XXX], relay operators have been
    63 able specify “nicknames” for their relays. Such nicknames were initially
    64 meant to be unique accross the network, and operators of directory
    65 authorities would manually “bind” a relay identity key after verifying
    66 the nickname. The process became formalized with the “Named” flag
    67 introduced in the 0.1.1 series [XXX], and latter automated with the
    68 0.2.0 series. If a relay held a unique nickname for long enough, the
    69 authority would recognize the binding, and subsequently reserve the name
    70 for half a year.
    71 
    72 Nicknames are useful because it appears humans are not very good at
    73 thinking using long strings of random bits. Initially, they made it
    74 possible to understand what was happening in the network more easily,
    75 and to address a specific relay in a shorter way. Having two relays with
    76 the same nickname in the whole network is not really problematic when
    77 one is looking at nodes, or a list on Globe [XXX] as relays can always
    78 be differentiated by their IP addresses or identity keys.
    79 
    80 But complications start when nicknames are used to specify a relay and
    81 not another. If the wrong relay get selected, then it can become a
    82 security risk. Even if a good amount of efforts [XXX] have been spent
    83 trying to improve the situation, properly enforcing uniqueness has
    84 always been problematic and a burden for the few directory authorities
    85 handling naming.
    86 
    87 Back in April, “Heartblead” [XXX] forced many relays to switch to a new
    88 identity key, thus loosing their “Named” flag. Because this meant that
    89 anyone addressing relays with nickname would now have a hard time
    90 continuing to do so, this was seen by Sebastian Hahn as the opportunity
    91 to get rid of the idea entirely [XXX].
    92 
    93 This week, Sebastian wrote [XXX]: “Code review down to 0.2.3.x has shown
    94 that the naming-related code hasn't changed much at all, and no issues
    95 were found which would mean a Named-flag free consensus would cause any
    96 problems. gabelmoo and tor26 have stopped acting as Naming Directory
    97 Authorities, and — pending any issues — will stay that way.”
    98 
    99 This mans that addressing relays by nicknames has now stopped working.
    100 “If you — in your Tor configuration file — refer to any relay by name
    101 and not by identity hash, please change that immediately. Future
    102 versions of Tor will not support using names in the configuration at
    103 all”, warns Sebastian [XXX].
    104 
    105  [XXX]: https://gitweb.torproject.org/tor.git/blob/161d7d1:/src/config/torrc.in#l20
    106  [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/attic/dir-spec-v2.txt#l427
    107  [XXX]: https://globe.torproject.org/#/search/query=Unnamed
    108  [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/122-unnamed-flag.txt
    109  [XXX]: https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
    110  [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/235-kill-named-flag.txt
    111  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html
    112  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html
    113 
    114 Monthly status reports for XXX month 2014
    115 -----------------------------------------
    116 
    117 The wave of regular monthly reports from Tor project members for the
    118 month of XXX has begun. XXX released his report first [XXX], followed
    119 by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
    120 
    121  [XXX]:
    122  [XXX]:
    123  [XXX]:
    124  [XXX]:
    125 
    12659Miscellaneous news
    12760------------------
    12861
     62meejah announced [XXX] the release of version 0.11.0 of txtorcon, a
     63Twisted-based Python controller library for Tor. This release brings
     64several API improvements; see meejah’s message for full release notes
     65and instructions on how to download it.
     66
     67 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007375.html
     68
     69Nick Mathewson asked for comments [XXX] on Trunnel, “a little tool to
     70automatically generate binary encoding and parsing code based on
     71C-like structure descriptions” intended to prevent Heartbleed-style
     72vulnerabilities from creeping into Tor’s binary-parsing code in C. “My
     73open questions are: Is this a good idea? Is it a good idea to use this
     74in Tor? Are there any tricky bugs left in the generated code? What am I
     75forgetting to think of?”, wrote Nick.
     76
     77 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007355.html
     78
     79Arturo Filastò requested feedback [XXX] on some proposed changes to
     80the format of the “test deck” used by ooni-probe, the main project of
     81the Open Observatory of Network Interference. “A test deck is basically
     82a way of telling it ‘Run this list of OONI tests with these inputs and
     83by the way be sure you also set these options properly when doing
     84so’…This new format is supposed to overcome some of the limitations of
     85the old design and we hope that a major redesign will not be needed in
     86the near future”, wrote Arturo.
     87
     88 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
     89
    12990Tor’s importance to users who are at risk, for a variety of reasons,
    130 makes it an attractive target for creators of malware who distribute
     91makes it an attractive target for creators of malware, who distribute
    13192fake or modified versions of Tor software for malicious purposes.
    13293Following a recent report of a fake Tor Browser in circulation, Julien
     
    139100 [XXX]: https://www.torproject.org/docs/verifying-signatures
    140101
    141 Item 2 with cited source [XXX].
     102Arlo Breault submitted a status report for July [XXX].
    142103
    143 Item 3 with cited source [XXX].
    144 
    145  [XXX]:
    146  [XXX]:
    147  [XXX]:
     104 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000622.html
    148105
    149106Tor help desk roundup
     
    199156
    200157
    201 This issue of Tor Weekly News has been assembled by XXX, Matt Pagan,
    202 Sebastian Hahn and Ximin Luo.
     158This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
     159XXX.
    203160
    204161Want to continue reading TWN? Please help us create this newsletter.
     
    212169}}}
    213170
    214 * (''Not sure how to write this, I wish dcf could provide a short writeup -- Lunar'')  Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
     171* Tor-related talks at [https://www.defcon.org/html/defcon-22/dc-22-index.html Def Con 22], August 7–10, 2014 in Las Vegas:
    215172  * [https://defcon.org/html/defcon-22/dc-22-speakers.html#Zoz Don’t Fuck It Up] ([http://dropcanvas.com/d85g8 slides], temporary URL) by Zoz. Zoz talked about how to use Tor and other tools to keep safe while practicing civil disobedience.
    216173  * [https://defcon.org/html/defcon-22/dc-22-speakers.html#Lackey Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring] ([https://www.portalmasq.com/portal-defcon.pdf slides], [http://arstechnica.com/information-technology/2014/08/a-portable-router-that-conceals-your-internet-traffic/ Ars Technica]) by Ryan Lackey, Marc Rogers, and the Grugq. The talk was different than what the title and abstract imply. They discussed a hardware "travel router" running Tor and pluggable transports (see pages 24 ff. of the slides).
     
    219176    [https://defcon.org/html/defcon-22/dc-22-speakers.html#Metacortex Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin] by Metacortex and Grifter.
    220177* Guard nodes and network down events https://lists.torproject.org/pipermail/tor-dev/2014-August/007346.html
    221 * Feedback on new OONI test deck format https://lists.torproject.org/pipermail/tor-dev/2014-August/007353.html
    222 * RFC: Trunnel -- a binary parser generator for Tor and more https://lists.torproject.org/pipermail/tor-dev/2014-August/007355.html
    223 * Arlo's July 2014 https://lists.torproject.org/pipermail/tor-reports/2014-August/000622.html
     178* gabelmoo and tor26 have stopped acting as Naming Directory Authorities https://lists.torproject.org/pipermail/tor-dev/2014-August/007348.html letter for users https://lists.torproject.org/pipermail/tor-talk/2014-August/034380.html ''should be a feature''
    224179* Last round of GSoC reports:
    225180  - Revamp GetTor https://lists.torproject.org/pipermail/tor-dev/2014-August/007368.html
     
    232187  - HTTPS Everywhere https://lists.eff.org/pipermail/https-everywhere/2014-August/002234.html
    233188  - PT transport combiner https://lists.torproject.org/pipermail/tor-dev/2014-August/007393.html
    234 * txtorcon 0.11.0 https://lists.torproject.org/pipermail/tor-dev/2014-August/007375.html
    235 * Aphex Twin Announces New Album SYRO on Tor Hidden Service: http://syro2eznzea2xbpi.onion http://pitchfork.com/news/56341-aphex-twin-announces-new-album-syro-via-the-deep-web/