On Sunday 20 April 2008 12:32:19 Alexander Bernauer wrote: > Hi > > The CCC local group Rheintal [1] is currently working on a solution to > get much more Tor exit nodes which we think is a major problem of Tor. > > The basic idea is to develop a browser plugin which while active turns > the computer into both an Tor client and a Tor exit node. The target > group is a Windows XP or Vista user with almost no technical skills but > fear of pop-ups asking strange things. We are experienced in providing > and promoting security software to them [2] and we beliefe that this > solution will be accepted and widely used. > > To get the software done I would like to discuss the technical aspects > here. > > The bigest problem we see are those personal firewalls which prevent > running a normal Tor server. Therefore this machine needs to open a > client connection. That's why we call it a client-exit node. > > So we need some servers for the client-exit nodes. This nodes we call > pseudo-exit nodes. The reason for this is that Alice selects this node > as exit node for its circuit but the traffic gets routed to the > client-exit node. So the pseudo-exit node doesn't appear in the server > logs. > This is an interesting idea - I submitted a proposal with broadly similar aims a little while ago. Though the approach was completely different. I suggest you write the idea up using the proposal format and post it to or-dev. That process will help you consider the security/anonymity implications of what you're suggesting. It will also reveal if there are any tricky implementation issues that need working out. A couple that occur to me: - Client traffic is being routed through an exit node that was not explicitly chosen by the client. Does this have any unintended consequences for anonymity? - Should pseudo-exits mark themselves as vanilla exits, or as something else? - What exit policy should they advertise? - How do the client-exits authenticate themselves to the pseudo-exit? Do they upload descriptors to the authorities? > This means that every Tor node can become a pseudo-exit node without any > additional law enforcement risks. Given that all Tor nodes are > pseudo-exit nodes a client-exit node would select a Tor node at random > and connect to it. As soon as a pseudo-exit node has at least one > connection to a client-exit node it registers itself at the directory > server as a normal exit node. From now on everything goes the normal way > except that the pseudo exit nodes passes the traffic which would > normally go out of the Tor network to the client-exit node. > > This is the basic idea. I'm sure there are technical aspects we missed > or assumptions which are wrong. So I would appreciate if you could point > us on them. > > We tried hard to find a solution which would not require patching > existing Tor nodes. But we didn't find any. Maybe we do in this > discussion. > > [1] http://ulm.ccc.de/Rheintal > [2] http://www.dingens.org > > regards
Attachment:
signature.asc
Description: This is a digitally signed message part.