
Re: Injecting client data through your own server



On Tue, Aug 30, 2005 at 11:45:32AM -0700, Chris Palmer wrote:
> Arrakis Tor writes:
> 
> > What I understood is that when you send data to the entrynode it is in
> > plaintext. Only then is it encrypted and passed through the circuit.
> > The entrynode can read the plaintext data, no?
> 
> Roger answered, but let me supplement. There might be confusion as to
> what the entry node actually is. There is the onion proxy (OP), which is
> the Tor instance that actually receives the original request directly
> from your application; the OP is not the same as the first onion router
> (OR) in your randomly selected Tor circuit. The first OR is the "entry
> node".
> 
> In diagram 3 on <http://tor.eff.org/overview.html>, the OP is running on
> Alice's computer, and the upper left Tor server is the first OR.
> 
> The traffic between the application and the OP is unencrypted, but we
> don't show that on our diagram because, if you are wise and run the OP
> on the same machine as the application, it doesn't matter (much).
> 

Just to add, usually you would want to run the OP on the same machine
as the application, but you may need for it to be in a different place.
For example, in a corporate environment where local communication is
subject to monitoring, you might want the OP and OR both at a firewall.
Or if you are unable to run an OP locally but can set up an encrypted
connection to somewhere trusted to proxy for you.

Much of this is discussed in "Onion Routing Access Configurations"
http://www.onion-router.net/Publications.html#DISCEX-2000
This paper is pre-Tor so will have some obviously dated aspects.
I also have the slides describing access policies and illustrating
about a half dozen different configurations if anybody
wants to see them.

-Paul
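The point both replies make, that the application-to-OP hop is plaintext, is easy to see concretely. Tor's OP speaks SOCKS to the application, so whoever can read that hop (a local sniffer, or a corporate monitor on the LAN if the OP is on another machine) sees the SOCKS handshake with the destination host and port, followed by the application payload, all unencrypted. The example below is added here and is not code from the thread or from the Tor project: it builds a SOCKS5 CONNECT request in the form a Tor-aware client sends (hostname, not a locally resolved IP), then shows what a passive observer on the app-to-OP link can recover from the captured bytes. The destination, payload and the `observer_*` helpers are all constructed for illustration.

```python
# Added example (not from the original thread or the Tor project): what a
# passive observer on the application <-> onion proxy (OP) hop can see.
# The OP accepts SOCKS; SOCKS5 (RFC 1928) framing is shown here. Only the
# client -> OP direction is modelled; the OP's replies are omitted.
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

# Constructed sample application traffic, as a browser would send it once
# the SOCKS handshake is done.  Destination chosen for illustration only.
APP_HOST, APP_PORT = "example.com", 80
APP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def socks5_greeting() -> bytes:
    """VER, NMETHODS, METHODS (0x00 = no authentication required)."""
    return bytes([SOCKS_VERSION, 1, 0])


def socks5_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request carrying the hostname (ATYP 3).

    Sending the name rather than an address lets the OP resolve it inside
    the circuit; the name is nonetheless in the clear on this hop."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def observer_parse_connect(pkt: bytes) -> tuple:
    """Recover (host, port) from a CONNECT request, as a sniffer would.

    Handles all three SOCKS5 address types, so it also works on clients
    that resolve DNS locally and send a raw IPv4/IPv6 address."""
    if len(pkt) < 5 or pkt[0] != SOCKS_VERSION or pkt[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = pkt[3]
    if atyp == ATYP_DOMAIN:
        n = pkt[4]
        host, rest = pkt[5:5 + n].decode("idna"), pkt[5 + n:]
    elif atyp == ATYP_IPV4:
        host, rest = str(ipaddress.IPv4Address(pkt[4:8])), pkt[8:]
    elif atyp == ATYP_IPV6:
        host, rest = str(ipaddress.IPv6Address(pkt[4:20])), pkt[20:]
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(rest) != 2:
        raise ValueError("malformed CONNECT request")
    return host, struct.unpack("!H", rest)[0]


def observer_view(stream: bytes) -> dict:
    """Split a captured client->OP byte stream into greeting, CONNECT and
    the application payload that follows.  Nothing here is encrypted, so
    the observer gets destination and content, exactly what the OP gets."""
    nmethods = stream[1]
    i = 2 + nmethods                       # skip the greeting
    start = i
    atyp = stream[i + 3]
    if atyp == ATYP_DOMAIN:
        i += 5 + stream[i + 4] + 2
    elif atyp == ATYP_IPV4:
        i += 4 + 4 + 2
    elif atyp == ATYP_IPV6:
        i += 4 + 16 + 2
    else:
        raise ValueError("unknown address type %d" % atyp)
    host, port = observer_parse_connect(stream[start:i])
    return {"host": host, "port": port, "payload": stream[i:]}


def demo() -> dict:
    """Capture of one constructed app->OP stream, as seen by the observer."""
    wire = socks5_greeting() + socks5_connect(APP_HOST, APP_PORT) + APP_REQUEST
    return observer_view(wire)


if __name__ == "__main__":
    seen = demo()
    print("destination:", seen["host"], seen["port"])
    print("payload:", seen["payload"])
```

This is why the replies say it "doesn't matter (much)" when the OP is on the same host: the only party on that hop is the machine you already trust. In the remote-OP configurations Paul describes, the same bytes would otherwise cross the LAN, so they have to be carried inside an encrypted tunnel to the host running the OP; the tunnel endpoint then sees exactly what `observer_view` shows, which is why it must be somewhere trusted.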