[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: ExcludeNodes setting bypassed
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: ExcludeNodes setting bypassed
- From: G-Lo â <g.lo.subber@xxxxxxxxx>
- Date: Sat, 13 Feb 2010 09:48:29 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 13 Feb 2010 03:48:39 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id :disposition-notification-to:date:from:user-agent:mime-version:to :subject:references:in-reply-to:x-enigmail-version:openpgp :content-type:content-transfer-encoding; bh=efoylxIv+8/rL9Y578mUjYgEg1UtUnHgyy3hJJhb+iA=; b=kVPquudTQwMTrGAFjlAtfQpS45+ZblkN7x7QomohC3ASDdtNaH7LM1Uz1L1XBr1l/u sMWWWEIVrlor7wXF+gcV9k5AFflXyuDPrIkOiMLkwN5dPAxRifHca9C3ALOwPsqYYzDz 0wH6duPpCYLV8oPhcLbLAmnKMTFlm69vMcuOM=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:disposition-notification-to:date:from:user-agent :mime-version:to:subject:references:in-reply-to:x-enigmail-version :openpgp:content-type:content-transfer-encoding; b=kPHx3FjT5rxrZDrdJ8Uy0JC9vRdW1b9+dhhMEQU4DTcYMU6FWcVlOLyBhdKEhNP7b0 RLTHfbtKf6RJE1VJAVvIGm3i7rPjau7yUahj+cfgQssNvvw4rk/SvpawDhZ7xnouSFnq YZNYcmWfzqTiYdQyyGYDtc1o6Lv/QvAGs394M=
- In-reply-to: <e8ac78311002121924p776cc558t6d733600d652b8b6@xxxxxxxxxxxxxx>
- Openpgp: id=D20D1248; url=subkeys.pgp.net
- References: <N1-pr2DKwrIHw@xxxxxxxxxxxxx> <e8ac78311002121924p776cc558t6d733600d652b8b6@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.23 (Windows/20090812)
Nick Mathewson wrote:
> On Fri, Feb 12, 2010 at 6:10 AM, <twinkletoedturtle@xxxxxxxxxxxxx> wrote:
>> This thread is being forked from the original as it doesn't entirely
>> depend on the user(s) using bridges and this problem. I understand
>> the purpose of Tor and know individuals, organizations, as well as
>> governments use Tor, so why be surprised when governments use Tor?
>> But if these individuals are correct, why are dc nodes making the
>> exception with ExcludeNodes and passing through? Is there an attack
>> on Tor certain nodes use to bypass this feature?
>>
>> From: Andrew Lewman
>>
>> "Yes, https://bugs.torproject.org/flyspray/index.php?do=details&id=1090.
>> We're still working on it. In fact, we're working on rewriting the
>> entire codebase around {Exclude}{Entry|Exit}Nodes options."
>
> I'll try to expand on the understand the bug report you are citing,
> since the stuff there really _does_ explain what the problem is,
> albeit in programmer-speak.
>
> The root problem here is in the way that node selection was originally
> written. We needed to solve the question of, "what should we do when
> the user requests that only certain nodes be used, and then makes a
> request that those nodes cannot satisfy?" Some examples where
> excluding nodes can make it impossible to fulfill a request include:
> - Excluding a node, then choosing that node as the exit for a
> particular circuit.
> - Excluding every introduction point for a hidden service, then
> trying to connect to that hidden service.
> - Excluding every distributed directory point for a hidden service,
> then trying to look up its descriptor.
> - Operating a hidden service, when the client picks a rendezvous
> point you've excluded.
> - Trying to connect to an IP:Port when you have excluded every exit
> node that would support it.
> - Trying to bootstrap when you have excluded every directory authority.
>
> In *most* of these cases, we figured that recent requests should
> override old requests, so if the user says "don't do X" and then says
> "do X", they probably meant the latter rather than the former.
> Similarly, we figured that people mostly wanted their requests not to
> break, and would get irritated if excluding nodes meant that their
> hidden service requests could break at random. So (IIUC) we set up
> the code so that some service requests that could only be granted with
> excluded nodes would produce a warning rather than a complete failure.
>
> It turns out this wasn't the choice a lot of people want: they want to
> be able to say "Never ever ever use these nodes. If I ever make a
> request that can only be satisfied with nodes I've excluded, reject
> that request, even if it means I don't get the hidden services I want,
> or I can't bootstrap, or whatever." This isn't a crazy thing to ask
> for at all. As Andrew said, Roger's working on rewriting big chunks
> of the node selection code to support this feature. As Andrew said,
> check out Bug 1090 for the details and progress.
>
> (Another confusing aspect here is that "exclude X as an exit node" has
> been taken by some people to mean that all circuits ending at X should
> be verboten. But circuits can end at a node for reasons other than
> sending traffic out of the network, including accessing a hidden
> service via a rendezvous point, performing a self-test, or accessing a
> directory server. Perhaps what people really want is an
> ExcludeAsLastHop option, and we should build that instead.)
>
> Another goal of the node-selection rewrite, BTW, is to simplify the
> node selection process. It's pretty complex, and there could well be
> more bugs in it. We should also work on specifying the whole thing
> better, so it's easier to tell surprises from bugs; Sebastian said he
> was interested in trying that out in whatever free time he has left.
>
> So that's what's going on here. It is not in fact, a sooper-sekrit
> government backdoor. There is not any exception for nodes in
> Washington, Moscow, Area 51, or the Bermuda Triangle. It's a node
> selection algorithm which was originally written with a false UI
> assumption (that people would want working requests to trump
> configuration settings), and which Roger's been trying to make more
> like what people want. Some of it's already rewritten in 0.2.2.x;
> some will take more work.
>
> And as for whoever thinks that Roger not getting the code rewritten
> fast enough for their taste means that we're a bunch of contemptible
> lying double-dealing sellouts who would sabotage our own life's-work
> for whatever reason: They are mistaken. For my part, I'd rather quit
> software entirely than back-door Tor, and I believe that goes for
> everybody on the project.
>
> Sorry for the intemperate digression.
>
> Hope this helps,
ÃÃÃÃ :)
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/