[nbraud]

> The problem is more like that tor relies on a few directory authorities and the only protection they have is geographic distribution and the public outcry should a set of nation state go actually seize them.

Seizing the DirAuth wouldn't achieve anything useful: all the data that the DirAuth has access to is a matter of public record (literally, the role of the DirAuth is to collect that data, sign it cryptographically and vote on it).

A group of nation-states looking to attack Tor this way would need to stealthily subvert a majority of the DirAuth, and manipulate the network consensus in a way that is both hard to detect and allows them to deanonymise users; that's very far from trivial.

[apk17]

I don't know the timeout for that, but after some time no tor node would work without the dirs being present, or being manually pointed to new ones.

The question is whether someone would want to subvert or rather just shut down the tor network.

[nbraud]

Ah, ok, you were referring to the DoS vector.

Yes, a simultaneous seizure of the DirAuth would do that, breaking Tor relays and clients until the software is updated (the list is in src/or/config.c if you are curious).

On the other hand, it's a move that would require international cooperation <i>and</i> cost lots of political capital, whose only result would be a temporary (but global) DoS.