
[tor-bugs] #18456 [Tor]: Exits on 0.2.7 publicise all their IP addresses in their descriptor



#18456: Exits on 0.2.7 publicise all their IP addresses in their descriptor
------------------------+--------------------------------
     Reporter:  teor    |      Owner:
         Type:  defect  |     Status:  new
     Priority:  Medium  |  Milestone:  Tor: 0.2.8.x-final
    Component:  Tor     |    Version:  Tor: 0.2.7.2-alpha
     Severity:  Normal  |   Keywords:
Actual Points:          |  Parent ID:
       Points:          |    Sponsor:
------------------------+--------------------------------
 Roger and I just spoke about the feature in 0.2.7 where Exits ban all
 their local / configured IP addresses in their descriptor.

 If processes on an Exit trust connections from the local machine, this
 prevents Exits being attacked by making a connection to their IP
 addresses.

 But it also means that all exit addresses appear in the consensus.

 Roger thinks this will surprise some Exit operators. It also makes Exit IP
 addresses easier to censor.

 That said, if we silently block connections to these IP addresses, then
 clients can scan Exits and see which addresses are refused even though
 they are not banned in the Exit policy.

 We should contact relay operators with multiple IP addresses, and see if
 they appreciate this feature, or if they are surprised by it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18456>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
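
An added example, not part of the ticket or of Tor's code: a check an operator could run over their own relay descriptor to see which single-host addresses its exit policy publishes, and which of those differ from the advertised address. The descriptor text is constructed (addresses from documentation ranges), the function names are hypothetical, and it assumes IPv4 `accept`/`reject` policy lines and the usual `router` line layout.

```python
import ipaddress

# Constructed sample descriptor excerpt; addresses are documentation ranges.
SAMPLE_DESCRIPTOR = """\
router ExampleExit 198.51.100.7 9001 0 0
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 198.51.100.7:*
reject 203.0.113.21:*
reject 203.0.113.22/255.255.255.255:*
reject *:25
accept *:80
accept *:443
reject *:*
"""

def published_host_rejects(descriptor_text):
    """Single-host, all-port reject targets listed in the exit policy."""
    found = []
    for line in descriptor_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] != "reject":
            continue
        addrspec, _, ports = parts[1].rpartition(":")
        if ports != "*" or addrspec in ("", "*"):
            continue  # port-specific or wildcard rules name no host
        try:
            net = ipaddress.IPv4Network(addrspec, strict=False)
        except ValueError:
            continue  # not an IPv4 address pattern; out of scope here
        if net.num_addresses == 1:
            found.append(str(net.network_address))
    return found

def extra_addresses(descriptor_text):
    """Published host addresses other than the one on the router line."""
    advertised = None
    for line in descriptor_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "router":
            advertised = parts[2]
            break
    return [a for a in published_host_rejects(descriptor_text) if a != advertised]

if __name__ == "__main__":
    print("published:", published_host_rejects(SAMPLE_DESCRIPTOR))
    print("beyond advertised address:", extra_addresses(SAMPLE_DESCRIPTOR))
```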