[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22820 [Core Tor/Tor]: Give the Exit flag to Exits that use the secure IRC port 6697



#22820: Give the Exit flag to Exits that use the secure IRC port 6697
----------------------------+----------------------------------
 Reporter:  teor            |          Owner:
     Type:  enhancement     |         Status:  new
 Priority:  Medium          |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:
 Keywords:  needs-proposal  |  Actual Points:
Parent ID:                  |         Points:  3
 Reviewer:                  |        Sponsor:
----------------------------+----------------------------------

Comment (by IgorMitrofanov):

 My email to tor-dev@ bounced for some reason. I'll paste what I got below.
 My main motivation is end-to-end encryption, so I won't be upset if a
 completely different solution ends up getting implemented.

 PROPOSAL:

 "
 Ticket: https://trac.torproject.org/projects/tor/ticket/22820
 All comments are welcome.

 ***

 0. Overview

    To allow exit relay operators to specify exit policies restricted to
    ports typically used with protocols featuring transport-level
    encryption, this proposal suggests treating port 6697 (IRC over
    TLS) as an alternative to port 6667 (IRC plaintext) for the
    purpose of assigning the 'Exit' flag to Tor relays.

 1. Background

    Today, a relay gets the 'Exit' flag if it allows traffic to exit to
    at least two of the following 3 ports: 80, 443, 6667. Without the
    'Exit' flag, a relay is unlikely to be selected by Tor clients as the
    exit node for their general-purpose circuits.

    Ports 80 and 443 were reserved for HTTP and HTTPS protocols,
    respectively. Due to the popularity of the WWW, they remained the
    least likely ports to be blocked by firewalls. Over time, software
    developers began to tunnel other types of traffic through these
    ports, rendering the relation between port numbers and the
    underlying protocols obsolete. Still, this proposal makes an
    assumption that most of the traffic directed to port 443 is TLS-
    encrypted, while most of the port 80 traffic remains plaintext.

    Port 6667 is commonly used by Internet Relay Chat (IRC) servers for
    plaintext communication with IRC clients. A consensus has been
    reached within the IRC community about listening on TCP port 6697 for
    incoming IRC connections encrypted via TLS.

 2. Motivation

     The lack of enforced end-to-end encryption creates substantial risks
     for both Tor users and Tor relay operators. New Tor users are
     generally unaware of the fact that malicious exit nodes can capture
     plaintext sensitive data and attack their browsers. Exit relay
     operators cannot prove (beyond reasonable doubt) that they are not
     responsible for any criminal activity linked to their node.

     Ultimately, the author of this proposal envisions a setting that
     allows any Tor user to force end-to-end encryption, so that the only
     party they need to trust is the one they communicate with. As the
     first step towards that vision, specifying encryption-oriented exit
     policies should become possible to begin with.

 3. Proposed 'Exit' flag policy

    Today, in order for a relay to receive the 'Exit' flag, it has to
    allow Tor traffic to exit to at least one /8 IPv4 address, plus have
    to accept at least 2 of the following 3 ports (protocols):

         80 (HTTP, plaintext)
         443 (HTTPS)
         6667 (IRC, plaintext)

     Effectively, to quality for the 'Exit' flag, a relay must allow
     connections to any of the following combinations of ports:

         80 and 443,
         80 and 6667,
         443 and 6667.

     This proposal extends the current policy of assigning the 'Exit'
     flag by adding the following 2 options:

         80 and 6697,
         443 and 6697*

     *The last option allows Exit relay operators to limit their support
     to normally-encrypted traffic only.

     No new flag need to be created (unless it is a good idea to allow
     users to prioritize such encryption-focused exit relays).

     The concensus algorithm should remain the same.

 4. Proposed addition to the list of reduced exit policies.

     On the torproject.org website, the following exit policy could be
     recommended to operators who need to minimize their exposure to
     plaintext traffic:

         ExitPolicy accept *:53 # DNS (does not require encryption)
         ExitPolicy accept *:443 # HTTPS
         ExitPolicy accept *:993 # IMAP over SSL
         ExitPolicy accept *:995 # POP3 over SSL
         ExitPolicy accept *:6697 # IRC over SSL

 5. Pros

     Allowing relay operators to specialize in relaying usually-encrypted
     traffic can reduce their risks and make more exit nodes available.

     More capacity dedicated to relaying encrypted protocols can make the
     Tor network faster at relaying that type of traffic, indirectly
     helping the adoption of those protocols.

     Tor users who must pick a specific exit relay (as opposed to picking
     one randomly) will be able to prioritize relays that favor encrypted
     traffic (and therefore are less likely to be malicious).

 6. Cons

     It is unclear how popular port 6697 compared to port 6667 is, and
     whether relay operators switching from 6667 to 6697 can negatively
     impact users accustomed to using IRC through its default port 6667.

     There are still a number of mostly-plaintext protocols (FTP, HTTP)
     that can become neglected if exit relay operators start to adopt
     exit policies limited to encrypted protocols only.
 "

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22820#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs