[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firewalled relays

On Saturday 04 October 2008 00:03:10 Martin Fick wrote:
> To achieve this, firewalled relays would borrow an idea from hidden
> services and register rendezvous points with the directory servers.  The
> rendezvous points would have to be with non-firewalled relays.  Unlike
> hidden services though, these rendezvous points need not be 3 hops into the
> cloud, they need only be single hops.  Upon startup, a firewalled relay
> would initiate and establish a connection to at least one non-firewalled
> relay and register that connection as a rendezvous point.

On a pedantic note, I think you're referring to introduction points rather than 
rendezvous points here.

> The rendezvous points would only be used to tell firewalled relays that
> another relay or a client wanted to relay through the firewalled relay. 
> Anyone wishing to establish a connection with a firewalled relay would
> contact them through the tor network as a client would making 3 hops before
> hitting the rendezvous point (this contact would be as anonymous as any
> other tor usage).
> Once a client or non-firewalled relay contacts a firewalled relay through
> the rendezvous point indicating its desire to relay through it, the
> firewalled relay will initiate a connection back to the relay or client
> asking to relay though it.  From there on out the firewalled relay would
> behave as a regular relay.

This means the client/router at the other end of the connection with the 
firewalled relay cannot be firewalled themselves. So firewalled relays can 
only act as middlemen and exit nodes under this design, or the client must 
have an open port the firewalled relay can connect to (which is probably not a 
safe assumption for a client).

This limitation has a number of anonymity implications, similar to the ones 
described in this proposal:


The use of intro points seems like a very good idea on the face of it, and is 
probably better than the above proposal since it opens the firewalled relay to 
the entire network rather than just a segment of it.

A few questions:

1. Should the identity of the firewalled relay and the router requesting access 
to it be concealed from the intro point?
2. How should the intro points for a firewalled relay be advertised?
3. Clients can't choose more than one firewalled relay in a circuit. What 
problems might this introduce?

I'm sure there are more. Maybe the Tor developers can think of a show-stopper 
but you probably won't find it out unless you write up a proposal which goes 
into the idea in more detail and raises and adresses some of the problems it 
might create.

> With this design, any traffic using the firewalled relay would undergo a
> normal 3 hop path through the tor network just like other normal tor
> traffic.  The rendezvous points would only be used to communicate desired
> connections but not to carry traffic.  Setup time for connections would
> increase, but throughput should be unaffected.
> Thoughts?
> -Martin