path selection despite exit policies
Nick Mathewson
nickm at alum.mit.edu
Mon Apr 7 17:49:35 UTC 2003
On Mon, 2003-04-07 at 13:18, Roger Dingledine wrote:
[...]
I say "E" (ports only) for now, and eventually either "A" (clients
tunnel DNS requests) or "C" (guess and check). "D" (servers publish
"hostnames-that-are-me") seems to address an entirely orthogonal issue.

Actually, I'd suggest a combination of "A" and "C": Client says (over
tunnel) "Connect me to forbidden.seul.org:80". Server says (over
tunnel) "Request to 18.244.0.188:80 denied", resolving the IP *and*
rejecting it.

In the successful case, this is as fast as we have today. In the
failing case, this is as fast as a name lookup would be. It's still
possible for an attacker to return a bogus IP, but that's not a problem
(IMO) for tor to address: we're anonymity, not MITM prevention.
--
Nick
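
Added example, not part of the original message and not Tor's code: a small simulation of the exchange proposed above, where the exit resolves the hostname itself, applies its exit policy to the resulting IP, and returns that IP in the denial. The policy format, the resolver table, the exit names and the client's retry step are assumptions made for illustration.

```python
import ipaddress

# Constructed resolver table standing in for the exit's DNS lookup.
FAKE_DNS = {"forbidden.seul.org": "18.244.0.188", "ok.example": "192.0.2.10"}

# Constructed exit policies: (action, network, port or None for any port),
# first match wins. Exit names are hypothetical.
POLICIES = {
    "exit1": [("reject", "18.244.0.0/16", 80), ("accept", "0.0.0.0/0", None)],
    "exit2": [("accept", "0.0.0.0/0", 80), ("reject", "0.0.0.0/0", None)],
}

def policy_allows(policy, ip, port):
    addr = ipaddress.ip_address(ip)
    for action, net, p in policy:
        if addr in ipaddress.ip_network(net) and p in (None, port):
            return action == "accept"
    return False  # nothing matched: refuse

def exit_handle(exit_name, host, port, resolve=FAKE_DNS.get):
    """Exit side: resolve the name, then apply this exit's policy to the IP."""
    ip = resolve(host)
    if ip is None:
        return ("failed", None, f"Cannot resolve {host}")
    if not policy_allows(POLICIES[exit_name], ip, port):
        # The denial carries the resolved IP, so the client learns it.
        return ("denied", ip, f"Request to {ip}:{port} denied")
    return ("connected", ip, f"Connected to {ip}:{port}")

def client_connect(host, port, exits):
    """Client side: guess an exit; on denial, use the returned IP to choose again."""
    log, known_ip = [], None
    for name in exits:
        if known_ip and not policy_allows(POLICIES[name], known_ip, port):
            log.append((name, "skipped"))  # published policy rejects the learned IP
            continue
        status, ip, msg = exit_handle(name, host, port)
        log.append((name, msg))
        if status == "connected":
            return name, log
        if status == "failed":
            break
        known_ip = ip
    return None, log
```
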