[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network
From: Roger Dingledine <arma@xxxxxxx>
Date: Wed, 31 Jan 2018 06:46:01 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 31 Jan 2018 06:46:17 -0500
In-reply-to: <8f7f0f17-9071-bb70-ca7b-f92c217517da@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <049.47ab79619dc18a8eaef698e245bfdb70@torproject.org> <064.4df32a6a8927aee22c6440bbb38e69d2@torproject.org> <8f7f0f17-9071-bb70-ca7b-f92c217517da@riseup.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.9.2 (2017-12-15)

On Wed, Jan 31, 2018 at 11:41:00AM +0000, nusenu wrote:
> > Comment (by arma):
> > 
> >  I continue to think that teaching exit relays to avoid allowing exit
> >  connections to known relays (IP:ORPort) is a good and useful step.
> > 
> >  We keep running across messy situations where letting somebody connect to
> >  a relay from an exit relay's IP address turns into a security surprise.
> 
> Does that mean that exits will no longer be able to run tor clients (ie. to 
> run apt updates via tor)?

No, they are unrelated. The things you describe would be connections
made by the Tor client, and the things I describe would be connections
made by building a circuit to the exit and sending a begin cell.

(Also, if you want to reply to a trac ticket comment, the strategy of
responding on the tor-relays list is a very odd approach. :)

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network
  - From: nusenu

References:
- [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network
  - From: nusenu

Prev by Author: Re: [tor-relays] A lot of Warn messages when bootstrapping Tor 0.3.2.9 (stable)
Next by Author: Re: [tor-relays] could Tor devs provide an update on DOS attacks?
Previous by thread: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network
Next by thread: Re: [tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network
Index(es):
- Author
- Thread