[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: A way to allow firewalled exit nodes [Was: Re: getting more exit nodes]



     On Tue, 29 Apr 2008 14:50:15 +0100 Michael Rogers <m.rogers@xxxxxxxxxxxx>
wrote:
>F. Fox wrote:
>> I think that adding a "firewall-piercing" rendezvous-type system (like
>> STUN, or I2P's SSU) to allow heavily-firewalled nodes to act as exits -
>> ON A STRICTLY VOLUNTARY BASIS (i.e., off by default) - might be a nice
>> feature.
>
>Maybe Tor could copy Gnutella's connection reversal trick: if a node X 
>is firewalled, it connects to any unfirewalled node Y and publishes Y's 
>address in its descriptor. When an unfirewalled node Z wants to open a 
>connection to X, it sends a message to X through Y, and X opens a 
>connection back to Z. The X->Z connection is used exactly as if it were 
>a Z->X connection established in the normal way. The circuit doesn't 
>pass through Y, so all the crypto from TLS upwards remains the same.
>
>Your comments about modifying the descriptors would still apply, though, 
>and clients would have to be aware of it because connection reversal 
>can't establish a connection between two firewalled nodes, so no circuit 
>could contain two consecutive firewalled nodes (I guess that might have 
>implications for anonymity as well). But if it allows more people to run 
>nodes then maybe it's a worthwhile tradeoff?
>
     Looks good to me.  And it eliminates the need for non-firewalled
servers to keep a separate, local directory of directly connected servers
like I was proposing, and that is very much better, IMHO.
     I don't see any real threat to anonymity along the line that you
mention.  The specially marked descriptors would represent *additional*
servers to the pool of existing servers to choose from in selecting a
route.  I agree that initially there might be a small risk involved when
the first few such firewalled servers appear on-line, but once the numbers
increase, that problem goes away.  When tor first came into use, the
number of exit servers must have been very small at first, but there are
so many now that the use of a minority fraction of the total server count
is not a significant risk factor.
     It looks to me as though we may have a design embryo already.  Perhaps
Roger and Nick could comment and give their thoughts on what else may be
needed for it.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************