[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: end-to-end encryption question
On Thu, Sep 13, 2007 at 12:07:08PM -0400, Nick Mathewson wrote:
> > In http://tor.eff.org/docs/tor-doc-server.html.en it says,
> >
> > 14. If your Tor server provides other services on the same IP
> > address--such as a public webserver--make sure that
> > connections to the webserver ae allowed from the local host,
> > too. You need to allow these connections because Tor clients
> > will detect that your Tor server is the safest way to reach
> > that webserver, and always build a circuit that ends at your
> > server. If you don't want to allow the connections, you must
> > explicitly reject them in your exit policy.
> >
> > I have a few questions about the above text.
> >
> > a) Who translates the destination address to 127.0.0.1? Is it the
> > tor client? Or is it the exit server?
>
> Nobody is supposed to translate the destination address to
> 127.0.0.1... Oh! I see what went wrong here. "The local host" is
> not the same as "localhost", but the instructions should be a lot more
> clear about that point.
Actually, this isn't true. "The local host" in this text is the same as
localhost. It is 127.0.0.1.
> The paragraph quoted above is about publicly visible webservers:
> Suppose for example that you have a webserver running at IP 1.2.3.4.
> Suppose that there is also a Tor exit at 1.2.3.4. If your webserver
> is configured to reject requests from 127.0.0.1, that's fine. If your
> webserver is configured to reject requests from 1.2.3.4, that's no
> good.
If your webserver rejects requests from 127.0.0.1, that's bad, and it
will break people trying to reach your website from your Tor server.
The reason for this is that many modern OSes look at the destination
(1.2.3.4), realize they've got a better route for that, and decide to
route it via 127.0.0.1.
(This might not be true for your favorite OS -- I'm not sure which OSes
have this behavior -- but in practice it's true for enough of them that
many people run into it.)
> > b) If I have "ExitPolicyRejectPrivate 1" in my torrc, does that
> > prevent such end-to-end encryption?
No, because Tor looks at the address (1.2.3.4) and your exit policy is
fine with it. It's only later, in the OS, that it gets switched over.
> > If not, then does an
> > "ExitPolicy reject *:*" at the end of my exit policy list count as
> > "explicitly rejecting" such connections?
Yes, because then your exit policy rejects 1.2.3.4, and Tor clients
won't try to use you to exit to it.
> > d) If normal connections to directory servers are unencrypted at any
> > point along the way, what is the procedure to get them to be
> > encrypted from end to end?
>
> AllDirActionsPrivate, I believe.
Right, but note that you're going to have to bootstrap your first set of
directory information somehow. There is no simple procedure currently,
since we haven't seen the need for it yet.
Hope that helps,
--Roger