[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22820 [Core Tor/Tor]: Give the Exit flag to Exits that use the secure IRC port 6697
#22820: Give the Exit flag to Exits that use the secure IRC port 6697
----------------------------+----------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: needs-proposal | Actual Points:
Parent ID: | Points: 3
Reviewer: | Sponsor:
----------------------------+----------------------------------
Comment (by IgorMitrofanov):
My email to tor-dev@ bounced for some reason. I'll paste what I got below.
My main motivation is end-to-end encryption, so I won't be upset if a
completely different solution ends up getting implemented.
PROPOSAL:
"
Ticket: https://trac.torproject.org/projects/tor/ticket/22820
All comments are welcome.
***
0. Overview
To allow exit relay operators to specify exit policies restricted to
ports typically used with protocols featuring transport-level
encryption, this proposal suggests treating port 6697 (IRC over
TLS) as an alternative to port 6667 (IRC plaintext) for the
purpose of assigning the 'Exit' flag to Tor relays.
1. Background
Today, a relay gets the 'Exit' flag if it allows traffic to exit to
at least two of the following 3 ports: 80, 443, 6667. Without the
'Exit' flag, a relay is unlikely to be selected by Tor clients as the
exit node for their general-purpose circuits.
Ports 80 and 443 were reserved for HTTP and HTTPS protocols,
respectively. Due to the popularity of the WWW, they remained the
least likely ports to be blocked by firewalls. Over time, software
developers began to tunnel other types of traffic through these
ports, rendering the relation between port numbers and the
underlying protocols obsolete. Still, this proposal makes an
assumption that most of the traffic directed to port 443 is TLS-
encrypted, while most of the port 80 traffic remains plaintext.
Port 6667 is commonly used by Internet Relay Chat (IRC) servers for
plaintext communication with IRC clients. A consensus has been
reached within the IRC community about listening on TCP port 6697 for
incoming IRC connections encrypted via TLS.
2. Motivation
The lack of enforced end-to-end encryption creates substantial risks
for both Tor users and Tor relay operators. New Tor users are
generally unaware of the fact that malicious exit nodes can capture
plaintext sensitive data and attack their browsers. Exit relay
operators cannot prove (beyond reasonable doubt) that they are not
responsible for any criminal activity linked to their node.
Ultimately, the author of this proposal envisions a setting that
allows any Tor user to force end-to-end encryption, so that the only
party they need to trust is the one they communicate with. As the
first step towards that vision, specifying encryption-oriented exit
policies should become possible to begin with.
3. Proposed 'Exit' flag policy
Today, in order for a relay to receive the 'Exit' flag, it has to
allow Tor traffic to exit to at least one /8 IPv4 address, plus have
to accept at least 2 of the following 3 ports (protocols):
80 (HTTP, plaintext)
443 (HTTPS)
6667 (IRC, plaintext)
Effectively, to quality for the 'Exit' flag, a relay must allow
connections to any of the following combinations of ports:
80 and 443,
80 and 6667,
443 and 6667.
This proposal extends the current policy of assigning the 'Exit'
flag by adding the following 2 options:
80 and 6697,
443 and 6697*
*The last option allows Exit relay operators to limit their support
to normally-encrypted traffic only.
No new flag need to be created (unless it is a good idea to allow
users to prioritize such encryption-focused exit relays).
The concensus algorithm should remain the same.
4. Proposed addition to the list of reduced exit policies.
On the torproject.org website, the following exit policy could be
recommended to operators who need to minimize their exposure to
plaintext traffic:
ExitPolicy accept *:53 # DNS (does not require encryption)
ExitPolicy accept *:443 # HTTPS
ExitPolicy accept *:993 # IMAP over SSL
ExitPolicy accept *:995 # POP3 over SSL
ExitPolicy accept *:6697 # IRC over SSL
5. Pros
Allowing relay operators to specialize in relaying usually-encrypted
traffic can reduce their risks and make more exit nodes available.
More capacity dedicated to relaying encrypted protocols can make the
Tor network faster at relaying that type of traffic, indirectly
helping the adoption of those protocols.
Tor users who must pick a specific exit relay (as opposed to picking
one randomly) will be able to prioritize relays that favor encrypted
traffic (and therefore are less likely to be malicious).
6. Cons
It is unclear how popular port 6697 compared to port 6667 is, and
whether relay operators switching from 6667 to 6697 can negatively
impact users accustomed to using IRC through its default port 6667.
There are still a number of mostly-plaintext protocols (FTP, HTTP)
that can become neglected if exit relay operators start to adopt
exit policies limited to encrypted protocols only.
"
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22820#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs