Roger Dingledine <arma@xxxxxxx> wrote:

> On Mon, Jul 10, 2006 at 09:39:05PM +0200, Fabian Keil wrote:
> > I read on <http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers>:
> >
> > |Tor does provide a partial solution in a very specific situation, though.
> > |When you make a connection to a destination that also runs a Tor server,
> > |Tor will automatically extend your circuit so you exit from that circuit.
> > How reliable is this supposed to work? For me it is working most of the time,
> > but quite often I get:
> >
> > A foreign exit node is used for the first HTTP request,
> > the following requests use one of my own nodes.
>
> Correct, that's how it's implemented right now. The reason is that when
> the user types "www.foo.com" into their browser, Tor has no idea what its
> IP address is, so it doesn't know that your Tor server is the same place.
>
> We could always resolve every site first, just in case it's at the
> same place as an exit node, but in most cases this would be a wasted
> round-trip.
>
> So we assume that the first request is just the front-page, and probably
> not really sensitive. And then once we've cached the IP address for the
> destination, future requests become smarter.
>
> It seemed like a good trade-off at the time. If it's a destination that
> is really sensitive, you can add a MapAddress line to your torrc.
>
> Are there important example scenarios where this behavior is really
> dangerous?

Not that I know of, but I think the exception for the
first request(s) should be mentioned in the FAQ entry anyway.

Fabian
-- 
http://www.fabiankeil.de/