>>> The problem is, anyone, including adversaries can run Tor
>>> relays.
>
>> Interesting consideration. I'd prefer limiting the tor_routers
>> ipset to relays with a Guard flag, which would make an attack more
>> difficult to pull off.
>
> Getting the guard flag isn't really difficult.

It won't make attacks much harder for malicious relays, yes. But keeping
unusual Tor traffic, like entry to a non-Guard, off the network may be
worthwhile for other reasons.

> It's a documented and automated process.

What is that process?

>> But a freshly installed Tor client will not necessarily fetch its
>> first consensus through a Guard, right?

> Some guards and directory mirrors are hardcoded in Tor.

I only see the directory authorities, what code bakes in guards and
directory mirrors? If you meant the authorities, how about limiting the
ipset to relays with a Guard *or* an Authority flag.

> Corridor's advantages:
> - streams from different workstations can never share a circuit

The more essential point is that client computers don't have to trust
the corridor gateway to provide anonymity. That's huge if you're
offering your internet connection to strangers: Their only choice if
they don't trust a *proxying* gateway would be to run Tor over Tor.

> Whonix's advantage:
> - malicious software on the workstation can not find out its real
>   external IP address

With a filtering gateway (corridor), a malicious software M on the
client computer can instantly and directly contact a colluding relay.
With a proxying gateway (Whonix), M can only do that when the gateway
uses that relay as a Guard, and M has to open a covert channel, e.g.
request/response timing.

Kudos to you for bringing this issue to light. I will document that
corridor cannot prevent well-orchestrated leaks, and that there is no
replacement for securing your client computer (which was never my
intention to imply).

> I am wondering, can we get both advantages using just one gateway?

If you also count the question of who to trust, yourself (the client)
or the gateway, then with just one gateway, no. Whoever you trust more
is who you want to build your circuits.

Still, you can put corridor between your Whonix box and your
modem/router (or directly on the latter if you don't use clearnet at
all) as a simple fail safe mechanism:

    $ wc -l corridor-*
       11 corridor-data-bridges
       60 corridor-data-consensus
       17 corridor-forward
       17 corridor-helper-update
      105 total

Rusty
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
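
Added example, not part of the original message and not corridor's own code: a sketch of the "Guard *or* Authority" restriction discussed above, reading consensus "r"/"s" lines and producing `ipset restore` input for the tor_routers set. The function names, the hash:ip,port set type, the temporary set name and the sample consensus lines are assumptions made for illustration.

```python
import ipaddress

WANTED = frozenset({"Guard", "Authority"})  # flag choice proposed in the message

# Constructed sample in consensus "r"/"s" line layout (documentation addresses).
SAMPLE = """\
r relayA AAAA BBBB 2014-02-14 10:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
r relayB CCCC DDDD 2014-02-14 10:00:00 198.51.100.7 443 80
a [2001:db8::7]:443
s Exit Fast Running Valid
r authC EEEE FFFF 2014-02-14 10:00:00 203.0.113.5 9101 9131
s Authority Fast Running Stable Valid
r badD GGGG HHHH 2014-02-14 10:00:00 999.0.2.1 9001 0
s Fast Guard Running Valid
"""

def select_relays(consensus, wanted=WANTED):
    """Return sorted (IPv4Address, ORPort) pairs for relays with any wanted flag."""
    selected, current = set(), None
    for line in consensus.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r":
            current = None
            # An "r" line ends with: IP ORPort DirPort
            if len(fields) < 8:
                continue
            try:
                ip, port = ipaddress.IPv4Address(fields[-3]), int(fields[-2])
            except ValueError:
                continue  # malformed entry: never whitelist it
            if 0 < port < 65536:
                current = (ip, port)
        elif fields[0] == "s" and current is not None:
            if set(wanted) & set(fields[1:]):
                selected.add(current)
            current = None
    return sorted(selected)

def ipset_restore_input(pairs, name="tor_routers"):
    """Build `ipset restore` input that fills a temporary set, then swaps it in."""
    tmp = name + "_new"  # assumed temporary set name
    lines = [f"create {tmp} hash:ip,port"]  # assumed set type
    lines += [f"add {tmp} {ip},tcp:{port}" for ip, port in pairs]
    return "\n".join(lines + [f"swap {tmp} {name}", f"destroy {tmp}"]) + "\n"

if __name__ == "__main__":
    print(ipset_restore_input(select_relays(SAMPLE)), end="")
```

The swap at the end replaces the live set in one step, so the gateway never filters against a half-filled list; it requires that tor_routers already exists with the same set type.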