Proposal idea: User path configuration

Sebastian Hahn mail at
Thu Mar 4 03:24:30 UTC 2010

Filename: xxx-user-path-config.txt
Title: Configuration options regarding circuit building
Author: Sebastian Hahn
Created: 01-March-2010
Status: Draft


    This document outlines how Tor handles the user configuration  
    to influence the circuit building process.


    Tor's treatment of the configuration *Nodes options was surprising  
to many
    users, and quite a few conspiracy theories have crept up. We  
should update
    our specification and code to better describe and communicate what  
is going
    during circuit building, and how we're honoring configuration. So  
    we've been tracking a bugreport about this behaviour ( 
do=details&id=1090 ) and
    Nick replied in a thread on or-talk ( ). This  
    tries to document our intention for those configuration options.


    Five configuration options are available to users to influence Tor's
    circuit building. EntryNodes and ExitNodes define a list of nodes  
    are for the Entry/Exit position in all circuits. ExcludeNodes is a  
list of
    nodes that are used for no circuit, and ExcludeExitNodes is a list  
    nodes that aren't used as the last hop. StrictNodes defines Tor's  
    in case of a conflict, for example when a node that is excluded is  
the only
    available introduction point. Setting StrictNodes to 1 breaks Tor's
    functionality in that case, and it will refuse to build such a  

    Neither Nick's email nor bug 1090 have clear suggestions how we  
    behave in each case, so I tried to come up with something that made
    sense to me.

Security implications:

    Deviating from normal circuit building can break one's anonymity,  
so the
    documentation of the above option should contain a warning to make  
    aware of the pitfalls.


    It is proposed that the "User configuration" part of path-spec  
    2.2.2) be replaced with this:

    Users can alter the default behavior for path selection with  
    options. In case of conflicts (excluding and requiring the same  
node) the
    "StrictNodes" option is used to determine behaviour. If a nodes is  
    excluded and required via a configuration option, the exclusion  

    - If "ExitNodes" is provided, then every request requires an exit  
node on
      the ExitNodes list. If a request is supported by no nodes on  
that list,
      and "StrictNodes" is false, then Tor treats that request as if  
      were not provided.

    - "EntryNodes" behaves analogously.

    - If "ExcludeNodes" is provided, then no circuit uses any of the  
      listed. If a circuit requires an excluded node to be used, and
      "StrictNodes" is false, then Tor uses the node in that position  
      not using any other of the excluded nodes.

    - If "ExcludeExitNodes" is provided, then Tor will not use the nodes
      listed for the exit position in a circuit. If a circuit requires  
      excluded node to be used in the exit position and "StrictNodes" is
      false, then Tor builds that circuit as if ExcludeExitNodes were  

    - If a user tries to connect to or resolve a hostname of the form
      <target>.<servername>.exit and the "AllowDotExit" configuration  
      is set to 1, the request is rewritten to a request for <target>,  
and the
      request is only supported by the exit whose nickname or  
fingerprint is
      <servername>. If "AllowDotExit" is set to 0 (default), any  
request for
      <anything>.exit is denied.

    - When any of the *Nodes settings are changed, all circuits are  
      immediately, to prevent a situation where a previously built  
      is used even though some of its nodes are now excluded.


    The old Strict*Nodes options are deprecated, and the StrictNodes  
option is
    new. Tor users may need to update their configuration file.

More information about the tor-dev mailing list