[tor-bugs] #1090 [Tor Client]: Warning about using an excluded node for exit

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Feb 3 17:50:30 UTC 2011


#1090: Warning about using an excluded node for exit
-------------------------+--------------------------------------------------
  Reporter:  Sebastian   |       Owner:  nickm             
      Type:  defect      |      Status:  assigned          
  Priority:  major       |   Milestone:  Tor: 0.2.2.x-final
 Component:  Tor Client  |     Version:  0.2.1.19          
Resolution:  None        |    Keywords:                    
    Points:              |      Parent:                    
-------------------------+--------------------------------------------------
Changes (by nickm):

  * owner:  arma => nickm


Comment:

 >!ExcludeExitNodes is a list of nodes to never use as the last hop of a
 non-internal circuit. Nodes in both exitnodes and excludeexitnodes are
 excluded.

 This is a tricksy bit: we need to define what we mean by an "internal"
 circuit.  ISTR based on the conversation with Roger that he did not think
 that !ExcludeExitNodes should apply to the following:
    * Directory-only circuits
    * Testing and build-time measurement circuits
    * Circuits related to hidden services (introduction points, rendezvous
 points)

 In other words, "!ExcludeExitNodes" applies only to circuits where we
 attach AP streams.  It means, "I don't want these servers able to see my
 plaintext."  It explicitly *does not* mean, "If my entry is observed and a
 correlation attack mounted against me, I don't trust these servers not to
 participate in it."

 Another nonintuitive point in the above is that !ExcludeExitNodes does not
 have its meaning change when we do !StrictNodes 1.

 Another nonintuitive part is that !EntryNodes never changes its meaning
 when we do !StrictNodes 1.


 Fortunately, one nice piece of my "use a bunch of functions" design for
 dealing with this is that it is relatively easy to change this stuff in
 the future if we decide we've got it a bit wrong.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1090#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

