end-to-end encryption question
In http://tor.eff.org/docs/tor-doc-server.html.en it says,
14. If your Tor server provides other services on the same IP
address--such as a public webserver--make sure that connections to the
webserver are allowed from the local host, too. You need to allow
these connections because Tor clients will detect that your Tor server
is the safest way to reach that webserver, and always build a circuit
that ends at your server. If you don't want to allow the connections,
you must explicitly reject them in your exit policy.
I have a few questions about the above text.
a) Who translates the destination address to 127.0.0.1? Is it the tor client?
Or is it the exit server?
b) If I have "ExitPolicyRejectPrivate 1" in my torrc, does that prevent such
end-to-end encryption? If not, then does an "ExitPolicy reject *:*" at the
end of my exit policy list count as "explicitly rejecting" such connections?
c) If "TunnelDirConns 1" tries to build one-hop circuits to directory servers,
does "TunnelDirConns 0" result in direct, unencrypted links to directory
servers? Or does it result in the normal, three-hop link encrypted as far
as the exit server, then unencrypted to the directory server? Or does it
result in an end-to-end-encrypted link to the directory server? Do I need
to have something like "ExitPolicy accept 127.0.0.1:[dirport]" ahead of the
"ExitPolicyRejectPrivate 1" in my torrc to allow it?
d) If normal connections to directory servers are unencrypted at any point
along the way, what is the procedure to get them to be encrypted from end
to end?
For obvious reasons, tor should not be getting directory information over
a connection that is not encrypted from end to end, even if everyone knows
exactly what the content of the directory information happens to be at any
given moment. I'm trying to figure out the best way to make sure my tor only
uses end-to-end-encrypted connections, preferably going through a multi-hop
tor circuit.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************