[tor-bugs] #9022 [Pluggable transport]: Create an XMPP pluggable transport

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 1 18:48:30 UTC 2013


#9022: Create an XMPP pluggable transport
---------------------------------+------------------------------------------
 Reporter:  asn                  |          Owner:  feynman 
     Type:  task                 |         Status:  accepted
 Priority:  normal               |      Milestone:          
Component:  Pluggable transport  |        Version:          
 Keywords:                       |         Parent:          
   Points:                       |   Actualpoints:          
---------------------------------+------------------------------------------

Comment(by feynman):

 Replying to [comment:70 asn]:
 > (fixed the issue with my sleekxmpp)
 >
 > btw, I kind of dislike the fact that we send our local ip:port through
 XMPP. it's a small but unneeded information leak.
 >
 > Since (<remote ip/port>, <jid>) is not sufficient for your routing
 table, why don't you also add the source IP of the other side in there?
 You can probably get the client's IP using the sleekxmpp API; you don't
 need the client to send its IP to the server. If that doesn't work, you
 can get the client to generate a nonce and send it to the server.
 >
 > Do you think that makes sense?

 It just occurred to me that you might have thought that by local ip, I
 meant the external ip:port of the client. I was actually referring to the
 ip:port of the connected socket that is created after the client hexchat
 accepts tor's connection.

 I wanted to start a new branch with the hashed ip:port protocol, but I
 gave up and just reverted back to the last commit before I changed that
 part of the protocol.

 I would prefer to send the ip:port of the connected socket rather than
 hashing the address--it just makes the code cleaner. However, if you still
 think this is a security risk (even a minor one), I will gladly revert
 back to hashing the ip:port.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9022#comment:76>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list