Re: Proposed student project
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Proposed student project
- From: "Jonathan Addington" <madjon@xxxxxxxxx>
- Date: Mon, 15 Sep 2008 13:35:52 -0500
On Mon, Sep 15, 2008 at 1:25 PM, Roger Dingledine <arma@xxxxxxx> wrote:
>
> On Mon, Sep 15, 2008 at 02:12:12PM -0400, Chris Akins wrote:
> > The basic idea
> > is to build a zero-configuration Tor relay in hardware that sits between the
> > home user's router and their computer. Two plugs: one to the outside world,
> > one to the computer.
>
> Two thoughts come to mind immediately. First, you will want to use
> Tor's transparent proxy interface with iptables / pf:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
>
> You might like Incognito's firewall rules:
> https://svn.torproject.org/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save
>
> For the software side, you should look at coderman's draft thoughts on
> a self-contained Tor in a VM:
> https://svn.torproject.org/svn/torvm/trunk/doc/design.html
>
> Second, if you want this Tor to be able to act as a relay too (aka a Tor
> server), it will need some non-trivial hardware. Exactly what hardware is
> needed is an open question, and worth exploring more. The Tor software
> development process seems to have cycles where we 1) accidentally cause
> Tor to use too many resources, then 2) fix that, then go back to 1.
> So some versions of Tor are much more friendly, cpu and memory wise,
> than others. The current 0.2.1.5-alpha version is quite good I believe.
>
> > The relay would automatically handle all the configuration details, and
> > render interception almost impossible, barring subversion of the target
> > machine.
Building on Roger, another point, esp. regarding interception; an
automatic (signed) binary update would be a good idea. You (or
whoever maintained the project) could simply test the latest versions
and update it when needed. (Bugs are found, performance is improved,
etc.)
Just my pseudo-developer two cents...
> You may find that some config details, like how much rate limiting the
> user wants to put in place, are hard to guess automatically.
>
> --Roger
>
--
madjon@xxxxxxxxx
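
The transparent-proxy setup Roger points to in the quoted text (Tor's transparent proxy interface with iptables), sketched for the two-plug box as an added example; it is not part of the thread, the wiki page or Incognito's rules. The interface name `eth1` and the ports 9040 and 5353 are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the two-plug box: everything arriving on
# the computer-side interface goes into Tor's TransPort/DNSPort or is dropped.
# Assumed values (not from the thread): eth1, TransPort 9040, DNSPort 5353.
# Tor must listen for both on the box's computer-side address.
# Tor carries only TCP, so FORWARD defaults to DROP: other UDP, ICMP and
# anything else from the computer is discarded instead of routed around Tor.
# Out of scope here: DHCP towards the computer and the relay's ORPort.

gen_tor_box_rules() {
    tb_if=$1; tb_trans=$2; tb_dns=$3
    # Refuse anything that is not a plain interface name or a valid port,
    # so a bad argument cannot smuggle extra rules into the output.
    case "$tb_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $tb_if" >&2; return 1 ;;
    esac
    for tb_p in "$tb_trans" "$tb_dns"; do
        case "$tb_p" in
            ''|*[!0-9]*) echo "bad port: $tb_p" >&2; return 1 ;;
        esac
        [ "$tb_p" -ge 1 ] 2>/dev/null && [ "$tb_p" -le 65535 ] 2>/dev/null ||
            { echo "bad port: $tb_p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i $tb_if -p udp --dport 53 -j REDIRECT --to-ports $tb_dns
-A PREROUTING -i $tb_if -p tcp --syn -j REDIRECT --to-ports $tb_trans
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $tb_if -p tcp --dport $tb_trans -j ACCEPT
-A INPUT -i $tb_if -p udp --dport $tb_dns -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed values; review it, then load it as root
# by piping this script's output into iptables-restore.
gen_tor_box_rules eth1 9040 5353
```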