[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is "gatereloaded" a Bad Exit?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Is "gatereloaded" a Bad Exit?
From: Eddie Cornejo <cornejo@xxxxxxxxx>
Date: Sun, 30 Jan 2011 18:07:11 +1100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 30 Jan 2011 02:07:18 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=auv1jkbRjt53hHeWRs4PWgkxPNvceewD5i4adO1Oajg=; b=uZal5GYDRHAaPbno7CGgZwRGMTaYR62qp0Su748NsxjYokSeKv872OWeWGXcEKYvD0 NUBEYJeNQdZ0Ji07hvaoAbvOppZvEmamw4KV5+EOZXHTBhLkfwoL1SojLcQ+gfU+aaoy OecGRvghDol/r/+LusOPjG89CzeFPqZE+CBxA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=SE6B9UeD6YTzlWzTHg68kGO9j8ccZsOtdyT61JAJb/WR7SBLcVZ1puMsKOHANUlOfy q9rxdIiSUt9SK5KQ+D6I8im8GJMtYbphujV/lTGYouTe3WZF2V7J5D0nMjmQEkioROe9 wXc2OzJ93GZLoDFm4dfLorWo0HyBY/joa5e9k=
In-reply-to: <20110130064502.GC2550@xxxxxxxxxx>
References: <4D44607C.6030900@xxxxxxxx> <20110129154414.6a0d9d91@kilik> <4D447EA9.5080404@xxxxxxxx> <AANLkTi=C7koc=qjDJn-X0Dw8KoPkRs6LB14_GbaH0QxG@xxxxxxxxxxxxxx> <AANLkTi=gd6zPpcu-WggHkVi5dAnYe46JwXQnb9zA0U_z@xxxxxxxxxxxxxx> <20110130045212.GA2550@xxxxxxxxxx> <20110130045743.GB2550@xxxxxxxxxx> <AANLkTimmbiQk5=JuEp62QEC84okMv+Nrd55on0ozP2EW@xxxxxxxxxxxxxx> <20110130064502.GC2550@xxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Howdy,

Thanks for replying.

> Yeah, I believe you're missing the fact that these ports also contain
> plaintext passwords than can be used to gain access to information on
> these and other accounts that may or may not have ever traveled over
> tor. That is the difference.

Actually, no I acknowledge that. I'm stating that this is a known
position. Regardless of whether you ban these nodes or not, ALL nodes
have the potential for reading unencrypted traffic. The FAQ I linked
clearly mentions this.

>> Finally there is no way that an exit node can directly affect the mode
>> choices by a client. Ie, apart from a particular node existing, there
>> is no way that a node could force a user to use it.
>
> See above.

Above? I'm sorry but I don't think you've addressed this point. Exit
node A can't force user Z to use it.

> We don't need bandwidth that bad.

A matter of opinion, but I'll accept it.

> I believe that allowing these nodes sends a message that we are OK
> with people monitoring plaintext traffic, because it is anonymized. We
> have never been OK with this.

Ok, I accept that this might send a message to 50ish nodes (if you ban
all 50+) but if someone was so inclined they could still do this by
allowing encrypted traffic and throttling it/blocking it outside of
TOR (transparent proxy perhaps?) I predict this is worse as the user
client will believe node A will honestly relay encrypted traffic and
will select it on this basis, only to find their connection is slow or
doesn't fully connect. Admitedly, this won't be a huge problem unless
a good number of nodes started doing this.

> People use plaintext at their own risk, and yes, they should know
> better, but this does NOT mean that we are comfortable feeding them to
> the wolves.

My argument is that you're not identifying wolves. If you were serious
about identifying wolves then could I suggest you create some dummy
accounts, send your password through all exit nodes individually and
see which of your accounts are accessed. This would positively
identify wolves. All you're achieving by soley looking at exit
policies is identifying things that may or may not be wolves and
ignoring the larger body of exit nodes that may or may not include
wolves. I submit your testing is flawed.

> If said exits are really interested in helping, they should alter
> their exit policy to allow encryption and then rekey. They will be
> banned by identity key, not by IP. Rekeying without fixing the exit
> policy will just result in IP bans.

I'm not sure I'm comfortable with dictating how an exit nodes
exitpolicy should be defined. Each policy should be up to the exit
node owner to decide. Just my 2c

-- 
Eddie Cornejo

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d? s: a C+++ UL+++ P++ L++ E- W+ N- o K- w++
O M-- V PS+ PE Y PGP++ t 5 X+ R tv-- b+ DI++++ D++
G e++ h r+++ y++++
------END GEEK CODE BLOCK------
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Is "gatereloaded" a Bad Exit?
  - From: Mike Perry

References:
- Is "gatereloaded" a Bad Exit?
  - From: Jan Weiher
- Re: Is "gatereloaded" a Bad Exit?
  - From: Andrew Lewman
- Re: Is "gatereloaded" a Bad Exit?
  - From: Jan Weiher
- Re: Is "gatereloaded" a Bad Exit?
  - From: grarpamp
- Re: Is "gatereloaded" a Bad Exit?
  - From: Gregory Maxwell
- Re: Is "gatereloaded" a Bad Exit?
  - From: Mike Perry
- Re: Is "gatereloaded" a Bad Exit?
  - From: Mike Perry
- Re: Is "gatereloaded" a Bad Exit?
  - From: Eddie Cornejo
- Re: Is "gatereloaded" a Bad Exit?
  - From: Mike Perry

Prev by Author: Re: Is "gatereloaded" a Bad Exit?
Next by Author: Re: Is "gatereloaded" a Bad Exit?
Previous by thread: Re: Is "gatereloaded" a Bad Exit?
Next by thread: Re: Is "gatereloaded" a Bad Exit?
Index(es):
- Author
- Thread