[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: DuckDuckGo now operates a Tor exit enclave

To: or-talk@xxxxxxxxxxxxx
Subject: Re: DuckDuckGo now operates a Tor exit enclave
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Sun, 15 Aug 2010 15:13:20 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 15 Aug 2010 15:13:29 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=2xoJGT4arp2YauU7WOu9yyherjRh4fIVIxwLLFfv584=; b=n98Y3uHgq5/xyt5OASAQKil5n8H4271/0EteWnHfuoOk4Vq5mLFTxC5lEVzvHJ7gvh Z7y9hxXrgZ0lvLnSj/iRKX05sNNsM76MJUtzZ8S7yCoP/OnCbDY32VIEqZsPTJpxB4vm qMymKW550fmEWwD8LRieTSNtvh90IZU0sEWKY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=v83egFgatp0RnKRj1Fy5XQQidY85zn+0FeN259VrvywVvZRfVb5/xiPAHrRGyw6OGc S2Qc/OLD5P11qlMAhj7nW7w2sGV3TcvKP8/73Y/NTna7ckDFldBWOSc6xF9xrndRQ3hA pKO5wycIOjf1nZbr7EhNbQNmJ4ucTV0kWMRZU=
In-reply-to: <1281898011.15062.4.camel@anglachel>
References: <20100813163246.GF14773@xxxxxxxxx> <4C667770.9040701@xxxxxxxxxxxxx> <4C680A60.10304@xxxxxxxxxxxxx> <1281898011.15062.4.camel@anglachel>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Sun, Aug 15, 2010 at 2:46 PM, Ted Smith <teddks@xxxxxxxxx> wrote:
> On Sun, 2010-08-15 at 17:40 +0200, Michael Scheinost wrote:
>> 2. Why is it offering HTTP
>> If duckduckgo.com really cares for the anonymity and privacy of its
>> users, why do they offer unencrypted HTTP?
>> Even if tor users are encouraged to use HTTPS, some of them will
>> forget
>> doing so.
>
> There's no point in HTTPS if you're using an exit enclave. The traffic
> is encrypted in the Tor cloud, exits that cloud **on the service's
> localhost address**, and if it were encrypted, would be transmitted as
> ciphertext to the service port on the local interface.
>
> If you're proposing a threat model wherein loopback is an untrusted
> connection, you have bigger problems than, well, anything.

Except that users often won't use the exit enclave due to limitations in tor.

The first connection to a destination will not use the exit enclave
because prior to the first connection the node will be unaware of the
destination IP and thus unaware of the existence of the enclave.

Incomplete directory information can also cause nodes to not use enclaves.

Exits with falsified DNS will cause nodes not to use enclaves.

These weaknesses could all be reduced or eliminated, but I don't think
people have cared too much about the exit enclave functionality.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- DuckDuckGo now operates a Tor exit enclave
  - From: Eugen Leitl
- Re: DuckDuckGo now operates a Tor exit enclave
  - From: Michael Scheinost
- Re: DuckDuckGo now operates a Tor exit enclave
  - From: Michael Scheinost
- Re: DuckDuckGo now operates a Tor exit enclave
  - From: Ted Smith

Prev by Author: Re: DuckDuckGo now operates a Tor exit enclave
Next by Author: Re: Tor Project 2008 Tax Return Now Online
Previous by thread: Re: DuckDuckGo now operates a Tor exit enclave
Next by thread: Tor Project 2008 Tax Return Now Online
Index(es):
- Author
- Thread