Re: [tor-bugs] #11469 [Tor]: Exit not using one hop circuit to Directory Server
#11469: Exit not using one hop circuit to Directory Server
-------------------------+--------------------------------------------
Reporter: bburley | Owner: nickm
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: one-hop directory 024-backport
Actual Points: | Parent ID:
Points: |
-------------------------+--------------------------------------------
Comment (by nickm):
> Taking steps to operate in bridge mode and other attempts to look
> "normal" can be blown away by communicating in the clear with the
> directories

But bridges don't communicate in the clear, do they?

> I believe, in my test environment, that I could enumerate my
> infrastructure by looking at the unencrypted directory traffic

If you're an adversary trying to enumerate the Tor network, you could do
that (excluding bridges and clients) by just connecting to the directory
authorities yourself and downloading the consensus document. Having the
non-bridge Tor relays and directory authorities themselves be undetectable
is not part of the current design. An attacker doesn't need to enumerate
them: the directory infrastructure enumerates them for you.

Bridges and clients, on the other hand, don't make unencrypted directory
connections (I certainly hope), so trying to enumerate them by plaintext
patterns really shouldn't work.

To be clear, I think there could be a case to be made for "relays should
never make unencrypted directory connections", but it's not an obvious
case fwict. I think we should open a new ticket for that, so that this
one can be about the breakage in the current behavior wrt the indirection
argument in `directory_post_to_dirservers()`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11469#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online