Re: [tor-dev] Anycast Exits (related : Special-use-TLD support)

Subject: Re: [tor-dev] Anycast Exits (related : Special-use-TLD support)

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Wed, 30 Sep 2015 15:39:29 +0200

Delivery-date: Wed, 30 Sep 2015 09:39:47 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=fzivMv70CP1vTwi5RxAuaNe99XaTTyBFZzg6NsV+EiU=; b=QpuL23cXCPP/C6qvmu79trj+8ClVl6c+WocmZHbADINBNiaT7/Ou4Qrc43UzdPAyQg E6jsgRuq9I1oT6CVUpfWW1jh847BdvuSewwxWX11/i5Q87BGQw8lGSR6giiOfEcVuETB dS7aFhD3+Hg237wEkRArgqQAHlCI4MkSkSKt1n0TmiaOFL3IjLTDI/vf0zYOHz7dKTys AH3Onk0Uy6wTVK6fMPpqvvCX6CxTeztE1vmBzyhm7RYbhGJ8D9JqSxiliEfsYuZ6XEg2 sU03g8/8KpcH0wDlm14hZnuibuCWUOsRV/T1bxBKIHCMMRExas2ZpnPa0Lji1Exy8u8a tHkw==

In-reply-to: <1443617625.1686.226.camel@xxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <1443617625.1686.226.camel@xxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 30 Sep 2015, at 14:53, Jeff Burdges <burdges@xxxxxxxxxx> wrote:
...

Filename: xxx-anycast-exit.txt
Title: Anycast Exit
Author: Jeffrey Burdges
Created: 28 September 2015
Status: ?
Implemented-In: ?
â

Server Side

We propose an AnycastExit Tor configuration option

AnycastExit <protocol> <host>:<port>

Here protocol must be a string consisting of letters, numbers, and
underscores.

There are two changes Tor's behavior resulting from this option :

First, Tor adds the line "ACE <protocol> <host>:<port>" to the node's
full descriptor.

Second, Tor allows connections to ip:port as if the torrc contains :
ExitPolicy allow<host>:<port>
As ExitPolicyRejectPrivate defaults to 1, these policies should be
allowed even if the ip lies in a range usually restricted.
In particular localhost and 127.0.0.1 are potentially allowed.

Tor exit policies donât contain hostnames like âlocalhost", did you mean 127.0.0.0/8 and ::1?

I am concerned about the security considerations of opening up local addresses, as local processes often trust connections from the local machine. Perhaps we could clarify it to say that only the specific port on 127.0.0.0/8 and ::1 is allowed?

I also suggest that we specify the following rules based on the current (0.2.7.3) implementation of policies_parse_exit_policy_internal:

* Block all IPv6 if IPv6Exit is 0

* If AnycastExit is set, allow 127.0.0.0/8:port and, if IPv6Exit is 1, [::1]:port

* If ExitPolicyRejectPrivate is 1:

* reject private addresses (0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, [::]/8, [fc00::]/7, [fe80::]/10, [fec0::]/10, [ff00::]/8, [::]/127)

* reject relayâs configured IPv4 and IPv6 address

* reject relayâs interfacesâ IPv4 and IPv6 addresses

* Then add the default exit policy

Regards

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev