Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

Subject: Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Wed, 6 Jan 2016 22:21:31 +1100

Delivery-date: Wed, 06 Jan 2016 06:21:43 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=oqDC8oDJmKtiAnS3Dhqy+0cwBe+aujGRwoeBPaaXGZ4=; b=nR2cKVFc5c0rh3qCLba5X5Ju9P3D+lns49mVY9yBxP5RT0PozSV9IDcPX6T3miWzzo hvgy9YLn2n94zATHJqa0Ee3cuMUv/dDQ59dc8otzL7qdOVosMp1T9u/yruvZElXuXF68 x7bIJ/RfrNZ9NAqHvKxfe+vFAiz0of0ds9CJk5rUokCAM0YdfILyvzPE6BPzQLj7T4lB p5AMuGAZxv7SMpuJ2hWqdPj1qG5/hvlxMomd2x1O5fZlRIKZqPsU1X8ZHPNBik3R5wzZ OiO92VZqJDKUScF++dEOvtDiGXLOalqdQALwNCRMsHD4uW8esvffhJdCBRbqOruJpftB zjng==

In-reply-to: <CADop2NFbsqcHzbeSzGve73h4+R-O9+aDRfMRuHEifv==2hErQg@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <568B0E7E.70105@xxxxxxx> <568CE4E7.204@xxxxxxxxxxxxxx> <CADop2NFbsqcHzbeSzGve73h4+R-O9+aDRfMRuHEifv==2hErQg@xxxxxxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 6 Jan 2016, at 21:26, Virgil Griffith <i@xxxxxxxxx> wrote:

Tom, to ensure I understand you clearly, is your argument that relays that export only unencrypted shouldn't get the Exit Flag because insecure/unecrypted traffic "isn't what Tor is intended for?" I want to be sure that I'm fully understanding your proposal.

If adversaries can set up Exit relays that only permit insecure/unecrypted traffic, then they can inspect/interfere with all the traffic going through that Exit. As can any adversary that is on the upstream path from that Exit.

If we ensure that Exits must pass some encrypted traffic, then running an Exit is less attractive to an adversary. And even adversaries contribute useful, secure bandwidth to the Tor Network.

So this policy is intended to protect users, and encourage non-adversarial contributions to network bandwidth.

(Given the small number of Exits flags affected by this change, I'm not sure if this policy is responsible for all the good Exits, or if our exit-checking tools are responsible.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev