[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Different trust levels using single client instance



Summarized question:

Do you recommend allowing Workstation VMs of different security levels to communicate with the same Tor instance? Note that they connect via separate internal networks to the Gateway and have different interfaces & controlports so inter-workstation communication should not be possible.


Single Tor Gateway, Multiple Workstations

Pros:
*Same guard node means less chance of picking a malicious one
*Single Gateway VM uses less resources

Cons:
*Some unforeseen way malicious VM "X" can link activities of or influence traffic of VM "Y" **Maybe sending NEWNYM requests in a timed pattern that changes exit IPs of VM Y's traffic, revealing they are behind the same client?
**Maybe eavesdropping on HSes running on VM Y's behalf?
**Something else we are not aware of?


Multi-Tor Gateways mapped 1:1 to Workstation VMs

Pros:
*Conceptually simple. Uses a different Tor instance so no need to worry about all these questions.

Cons:
*Uses a different entry guard which can increase chance of running into a malicious relay that can deanonymize some of the traffic. * Uses extra resources (though not much as a Tor Gateway can run with as little as 192MB RAM)
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev