[tor-dev] Alternatives to Tor Exit Enclaves

Arturo Filastò art at baculo.org
Wed Apr 18 21:28:42 UTC 2012

The purpose of Exit Enclaves was to allow people running a website to
make Tor users
access it without ever leaving the Tor network. This leads to the
clients having end-to-end
encryption with the target destination.

Even in previous version this had some issues, one of which was the fact
that at the first
connection the user would not be accessing the destination over a Tor
circuit if the destination
was provided in a hostname format (and not IP).

The current stable version of Tor (0.2.2.x) still supports Exit
enclaves. The new versions of Tor
(> 0.2.3.x) use a new descriptor format (microdescriptors) allow relays
to specify an Exit Enclave
policy, but clients will not use it, therefore voiding the purpose of
exit enclaving.

I believe there is the need for something similar to Tor Exit Enclaving
and the closest thing I see
fit these requirements are Tor Encrypted Services

Encrypted Services (EC), are basically regular Tor Hidden Services, that
do not provide anonymity
for the server and gain a better performance because of this (they have
a one-hop circuit
to the RV and IP).

The problem with making Encrypted services work to replace Exit Enclaves
is that the client needs
to have a way to understand that their destination is running also as an
Encrypted Service.

In this very high level overview I don't go into very much detail of how
this system will actually
work, but I hope it will prompt some discussion on the matter.

I think this can be achieved mainly in 3 ways.

1) The client already knows all of the EC's
2) The client looks up if a destination is an EC when trying to connect
to it
3) The final hop looks up if the destination is an EC

These all have some drawbacks:

In 1) the client needs to download the full list of EC's, therefore if
the number of EC's get's
very large it will take clients much more to bootstrap and they will
need to store more data.
The good thing of this though is that the speed of connections would be
as fast as they
are at the moment as it does not require any extra connections.

In 2) the clients needs to complete an extra round-trip for every
connection. I don't think
this is a valid solution as it would degrade the quality of connections
for every user.

In 3) the final hop would do along side a normal A lookup for hostnames
a CNAME lookup (
or another special field). If it finds that such a lookup returns a
.onion address instead of
returning a RELAY_CONNECTED cell it will return a ENCRYPTED_SERVICE cell
the .onion address of the target ES.

The client will then cache this address and connect to it.

This approach adds a little bit of overhead (since two DNS lookups need
to be made),
but it is still faster than 2).

It suffers from the issue of the exit node could spoof the .onion
address and redirect
the user to a malicious .onion address. This is quite a tough problem
that I am still
unsure how it could be solved. If we have support for DNSSec this issue
could be mitigated.

I would love some feedback on this topic.

- Art.

More information about the tor-dev mailing list