using Host Identity Protocol in Tor
Andrei Gurtov
gurtov at cs.helsinki.fi
Wed Oct 18 14:37:44 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Problem: ESP uses raw IP packets. A lot of secure computers ban non root users from using
> raw sockets as they are useful in interesting ways. Also most OS implementations of ESP require
> root access to set it up. So we will be using our own implementation of ESP, which might not be
> compatible with third-party servers made to take advantage of hardware cryptography.
This is a valid concern, though if access rights are set by
Administrator/root on a TUN device then a normal user should be able to
run HIP. Also, there are HIP extensions to enable NAT traversal that
encapsulate HIP messages into UDP. That can run entirely as a user
application without special rights.
Out of TOR exit points in Finland, all of them are located at home ADSL
networks. Hence, the person who installed them probably has full control
over machines. Are you more concerned about the client side-software?
Andrei
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFNjw4P7jp0uceFkQRAg/4AKCUURzR4+qY5pvCFQuILw/IuvKxvACdHdac
kAy+seyj79cSVCbHg2CqYDE=
=U2Su
-----END PGP SIGNATURE-----
More information about the tor-dev
mailing list