
[tor-bugs] Re: #1774 [Tor - Tor client]: how much of exit policies can we squeeze into microdescriptors?



#1774: how much of exit policies can we squeeze into microdescriptors?
------------------------------+---------------------------------------------
 Reporter:  arma              |       Owner:                     
     Type:  task              |      Status:  new                
 Priority:  normal            |   Milestone:  Deliverable-Sep2010
Component:  Tor - Tor client  |     Version:                     
 Keywords:                    |      Parent:  #1748              
------------------------------+---------------------------------------------

Comment(by nickm):

 '''What we lose''':

 We lose exit enclaving, but almost nobody uses it.  Looking at the
 descriptors in my cache, we have ONE that does accept "$my_ip/32:anything,"
 and many that do "reject $my_ip/32:*".  Further, thanks to having to
 resolve addresses before you use them, most users wouldn't have wound up
 with an exit enclave anyway.  If we want exit enclaving to work in the
 future, that's a good goal, but it doesn't work so well and isn't much
 used now.

 [Here and in the rest of this message, I'm using a definition of "exit" ==
 "Has at least one accept *:port entry."  You can reproduce my findings
 with the script I'll attach with this.]

 We won't miss private network support, since connecting to private
 networks never made sense unless you specified an address explicitly.

 We lose the ability to say "I reject nearly everything on port X, except
 for these addresses" in such a way that clients will use it without being
 told to do so explicitly.  Right now 6 exits in my cache seem to do that: che
 (2 addresses), NSAFortMeade (27), lapiste (19), PotatoPalace (34),
 blahblahblah (2), and brazoslink (1).

 We lose the ability to say "Don't even bother trying to connect to this
 single address X from me" in a way that clients won't try.  (Arguably,
 since clients need to DNS lookup, we never had this ability in a reliable
 way.)  22 exits in my cache do this.

 Finally, we lose the ability for exits to tell clients in advance that
 they do (or don't) support big carve-outs of IP space with a portmask
 other than /32 and /0.  The clients need to connect, fail, and find out if we
 reject lots of weird carve-outs... and if we accept lots of weird carve-outs,
 clients might never try at all.  There are right now only 27 exits
 that reject portions of netspace, and only 5 that accept portions of
 netspace.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1774#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
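An added example, not nickm's script (which is not attached here): a small Python classifier for IPv4 exit-policy lines in descriptor syntax that applies the "accept *:port" definition of "exit" from the comment above and tallies the address-specific rules a port-only summary would drop. The sample policy is constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample exit policy in descriptor syntax ("accept|reject addr[/mask]:ports").
# Documentation address ranges only; this is not any real relay's policy.
SAMPLE_POLICY = """\
reject 192.0.2.10/32:*
reject 10.0.0.0/8:*
accept 203.0.113.0/24:25
accept *:80
accept *:443
reject *:25
reject *:*
"""

def parse_policy(text):
    """Return a list of (verb, network_or_None, ports); None stands for the '*' wildcard."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        verb, _, target = line.partition(" ")
        if verb not in ("accept", "reject"):
            raise ValueError("bad policy line: %r" % line)
        addr, _, ports = target.rpartition(":")       # IPv4 only; no [v6] brackets handled
        if addr == "*":
            net = None
        else:
            net = ipaddress.ip_network(addr if "/" in addr else addr + "/32", strict=False)
            if net.prefixlen == 0:                     # 0.0.0.0/0 is just another spelling of '*'
                net = None
        rules.append((verb, net, ports))
    return rules

def is_exit(rules):
    """nickm's working definition: at least one 'accept *:port' entry."""
    return any(verb == "accept" and net is None for verb, net, _ in rules)

def port_summary(rules):
    """The address-free policy a port-only summary can still carry (wildcard-address rules)."""
    return ["%s *:%s" % (verb, ports) for verb, net, ports in rules if net is None]

def lost_information(rules):
    """Count the address-specific rules the summary drops, in the categories the comment lists."""
    lost = Counter()
    for verb, net, _ in rules:
        if net is None:
            continue
        if net.prefixlen == net.max_prefixlen:         # a single /32 address
            lost["enclave accept" if verb == "accept" else "single-address reject"] += 1
        else:                                          # a carve-out other than /32 and /0
            lost["netblock " + verb] += 1
    return dict(lost)
```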