[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal: Single onion services

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal: Single onion services
From: tordev123@xxxxxxxxxxxxx
Date: Sat, 5 Sep 2015 04:23:31 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 05 Sep 2015 04:23:51 -0400
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=N1-0105; d=Safe-mail.net; b=QYFH4oQxFJ7h/lc0+aYQJYyVSrB5dWx8vD8dMx9Hemq6XBmgzivqu/hFbG3RHppv Opt3RiyJ4PEuqEuXJbViIZR3r5rsl9jA8sN6r+XMnrXKdp0MoVx215Ezf6743bBl xBF4wq3mK6b8KTVC75E3KByDnMQWX4CWU5x2Uong5mE=;
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

-------- Original Message --------
From: John Brooks <john.brooks@xxxxxxxxxxxxxxxx>
To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal: Single onion services
Date: Fri, 4 Sep 2015 15:31:15 -0600

> tordev123@xxxxxxxxxxxxx wrote:
> 
> > Doesn't your proposal imply that you are turning all relays into
> > exit-nodes lite? The last relay in the path will know what service you are
> > connecting to (at least if that service is hosted with a unique relay),
> > right?
> 
> A single onion service operates its own server(s). These servers accept OR
> connections like a relay does, but they arenât required to be in the
> consensus or to relay traffic. They are the servers listed in the
> descriptor.

Right, that's how I understood things.

> A client connects by extending a circuit to the single onion server. This is
> not the same as an exit connection: tor relays will extend circuits to
> relays they don't know about, as long as the destination speaks the tor
> protocol. Itâs possible for any tor relay to be used as the last one before
> the single onion server.
> 
> If the single onion server isnât also a tor relay, itâs possible for the
> previous relay to guess the service youâre connecting to.

That is a large part of my concern.

> This isnât a risk
> to client anonymity, because tor clients will always choose the first three
> hops in a circuit before extending to one they didnât choose.

I'm not concerned about clients.

> The final circuit looks like:
> 
> Client -> Guard -> Middle -> Middle -> Single Onion
> 
> The clientâs traffic is encrypted through to the single onion server as
> well.

IMO, the second Middle relay can be considered serving as an exit with regards to Single Onion services - that's what I meant with 'exit node lite'.

There was the case of an Austrian exit node operator getting prosecuted. It will sometimes be possible to attribute traffic relating to specific transactions to the second Middle node in the path (e.g. when the single onion server keeps detailed logs). So the circumstances of that case could apply to a non-exit relay operator as well.

Your proposal is shifting non-exit relays towards performing a role that can be considered exit-like, even if that role is much more limited than normal exits (and there is an additional Tor protocol layer involved).
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal: Single onion services
  - From: John Brooks

Prev by Author: [tor-dev] tor-browser git repository
Next by Author: Re: [tor-dev] Let's identify which measurement-related tools n eedwork when relays switch from RSA identities to ed25519 identities
Previous by thread: Re: [tor-dev] Proposal: Single onion services
Next by thread: Re: [tor-dev] Proposal: Single onion services
Index(es):
- Author
- Thread