[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: end-to-end encryption question



On Thu, Sep 13, 2007 at 02:56:41AM -0500, Scott Bennett wrote:

[lines re-wrapped]

>      In http://tor.eff.org/docs/tor-doc-server.html.en it says,
> 
> 	14.  If your Tor server provides other services on the same IP
> 	address--such as a public webserver--make sure that
> 	connections to the webserver ae allowed from the local host,
> 	too.  You need to allow these connections because Tor clients
> 	will detect that your Tor server is the safest way to reach
> 	that webserver, and always build a circuit that ends at your
> 	server.  If you don't want to allow the connections, you must
> 	explicitly reject them in your exit policy.
> 
>      I have a few questions about the above text.
> 
> a) Who translates the destination address to 127.0.0.1?  Is it the
> tor client?  Or is it the exit server?

Nobody is supposed to translate the destination address to
127.0.0.1...  Oh!  I see what went wrong here.  "The local host" is
not the same as "localhost", but the instructions should be a lot more
clear about that point.

The paragraph quoted above is about publicly visible webservers:
Suppose for example that you have a webserver running at IP 1.2.3.4.
Suppose that there is also a Tor exit at 1.2.3.4.  If your webserver
is configured to reject requests from 127.0.0.1, that's fine.  If your
webserver is configured to reject requests from 1.2.3.4, that's no
good.

> 
> b) If I have "ExitPolicyRejectPrivate 1" in my torrc, does that
> prevent such end-to-end encryption?  If not, then does an
> "ExitPolicy reject *:*" at the end of my exit policy list count as
> "explicitly rejecting" such connections?
> 

No.  127.0.0.1 is a private address; your public IP is not private.

> c) If "TunnelDirConns 1" tries to build one-hop circuits to
> directory servers, does "TunnelDirConns 0" result in direct,
> unencrypted links to directory servers?  Or does it result in the
> normal, three-hop link encrypted as far as the exit server, then
> unencrypted to the directory server?  Or does it result in an
> end-to-end-encrypted link to the directory server?  Do I need to
> have something like "ExitPolicy accept 127.0.0.1:[dirport]" ahead of
> the "ExitPolicyRejectPrivate 1" in my torrc to allow it?

The default behavior is direct HTTP requests to directory servers.

> d) If normal connections to directory servers are unencrypted at any
> point along the way, what is the procedure to get them to be
> encrypted from end to end?
> 

AllDirActionsPrivate, I believe.

yrs,
-- 
Nick Mathewson

Attachment: pgp9k8PUDAhld.pgp
Description: PGP signature