[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16824 [Core Tor/Tor]: Emit a warning message about side channel leaks when using relays as clients
#16824: Emit a warning message about side channel leaks when using relays as
clients
-------------------------------------------------+-------------------------
Reporter: starlight | Owner: (none)
Type: defect | Status:
| needs_review
Priority: High | Milestone: Tor:
| 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.6.10
Severity: Normal | Resolution:
Keywords: mike-can, tor-client tor-relay | Actual Points:
sidechannel logging easy |
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by starlight):
Replying to [comment:42 starlight]:
> Seemed to me a warning would arrive once client activity commenced on a
traffic forwarding relay. Had not considered how it would be implemented,
whether SocksPort!=0 and ORPort!=NULL would trigger it. Perhaps the
message should emit on the first socks connection when ORPort is
configured? Or perhaps SockPort=0 should default when ORPort is set and
the message arrive when both are asserted?
>
> To quote my earlier self:
>
> > 2) some consider it a reasonable idea to configure a client
> > and relay in the same daemon instance with the belief
> > that this would obfuscate local client traffic to some
> > degree; but with the implementation as it presently
> > stands such an idea is false and should be denigrated
>
> The idea of the warning is to alert users to potential risk, in
consideration of the time and effort that will likely pass before the risk
is alleviated. Already quite some time has passed.
>
> Mike Perry suggested a warning as an alternative to my original idea
that such configurations be discouraged via a new parameter, his reasoning
in comment:16 above.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs