[tor-bugs] #11469 [Tor]: Exit not using one hop circuit to Directory Server
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 15 13:05:08 UTC 2014
#11469: Exit not using one hop circuit to Directory Server
-------------------------+--------------------------------------------
Reporter: bburley | Owner: nickm
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: one-hop directory 024-backport
Actual Points: | Parent ID:
Points: |
-------------------------+--------------------------------------------
Comment (by bburley):
Replying to [comment:17 nickm]:
> It looks like the bug here, which was in Tor since 0.2.4.3-alpha,
> already magnified part b by a lot and we didn't notice. Does that mean we
> should change our reasoning here?
I agree with you Nick. I think the reasoning behind not encrypting
communications with the directories may be outdated. With cheaper, faster
everything, and the growth of the infrastructure, conserving resources may
not be as valid of a point in a "cost vs. security" situation.
On the security-side of the discussion, when someone decides to somewhat
expose themselves by contributing to the Tor infrastructure, if something
can be done to reasonably limit that exposure, it should be done. Taking
steps to operate in bridge mode and other attempts to look "normal" can be
blown away by communicating in the clear with the directories. I believe,
in my test environment, that I could enumerate my infrastructure by
looking at the unencrypted directory traffic. I will look closer, but
believe this is the case.
Thanks to all in this discussion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11469#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online