[tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit

Tom van der Woerdt info at tvdw.eu
Tue Jan 5 00:29:50 UTC 2016


I've had this on my todo list for a while, finally wrote it down.

Honestly, it's a minor change, but something that imho needs to be done.

Torspec branch:
https://github.com/TvdW/torspec/commits/exit-flag-not-all-plaintext

Full text below, tldr first: replace [80,443,6667] with [80,443,5222]
for Exit flagging.

===================

Filename: 264-exit-flag-not-all-plaintext.txt
Title: Stop giving Exit flags when only unencrypted traffic can exit
Author: Tom van der Woerdt
Created: 2016-01-05
Status: Open


1. Introduction

  Tor's Exit flags are assigned to relays that have an exit policy that allows
  exiting to at least two out of three pre-defined ports: 80, 443 and 6667.

  Since 80 and 6667 (resp. http and irc) are generally used for unencrypted
  traffic, an attacker could construct an exit policy that relays only
  unencrypted data.

2. Changes

2.1. Exit flagging

  By replacing the port 6667 (IRC) entry with a port 5222 (XMPP) entry, Exit
  flags can no longer be assigned to relays that exit only to unencrypted
  ports.

2.2. dir-spec.txt

  A change to dir-spec.txt will be needed to change port 6667 to 5222.

3. Migration

  This change only needs to be rolled out to directory authorities. Since the
  flagging system is simple, no special migration is needed for this change,
  and it will take effect as soon as the deployment of the change has reached
  a sufficient number of directory authorities.

4. Other considerations

  While it would have been ideal to drop the port 80 condition as well, in the
  current state of the internet this is not likely to be a good idea. Too
  many websites still use unencrypted connections. However, this may be worth
  reconsidering every few years.

  XMPP was chosen to replace IRC because nowadays unencrypted XMPP is rare,
  and because the XMPP protocol is slowly gaining popularity within the
  communities on the internet. Other popular ports have been considered, such
  as 22 (SSH), 465 (SMTP), or 995 (POP3), but these are unlikely to be good
  candidates because of widespread bruteforce attacks on these ports.

===================


Tom
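
The two-out-of-three port rule from the proposal, evaluated under the current and the proposed port sets. This is an added example, not part of the message or of torspec; it checks only the port condition described above, handles only wildcard-address rules, and the sample policies are constructed.

```python
OLD_PORTS = (80, 443, 6667)  # port set currently used for Exit flagging
NEW_PORTS = (80, 443, 5222)  # port set proposed in the message above


def parse_policy(text):
    """Parse 'accept *:PORT', '*:LOW-HIGH' and '*:*' rules into tuples.

    Assumption: only wildcard addresses are supported in this sketch.
    """
    rules = []
    for line in text.strip().splitlines():
        action, pattern = line.split()
        if action not in ("accept", "reject"):
            raise ValueError("unknown action: " + action)
        addr, _, ports = pattern.rpartition(":")
        if addr != "*":
            raise ValueError("only wildcard addresses are handled here")
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(p) for p in ports.split("-"))
        else:
            low = high = int(ports)
        rules.append((action == "accept", low, high))
    return rules


def allows(rules, port):
    """First matching rule wins; a port that matches no rule is accepted."""
    for accept, low, high in rules:
        if low <= port <= high:
            return accept
    return True


def gets_exit_flag(policy_text, flag_ports):
    """True if the policy allows exiting to at least two of flag_ports."""
    rules = parse_policy(policy_text)
    return sum(allows(rules, p) for p in flag_ports) >= 2


# Constructed sample policies
PLAINTEXT_ONLY = "accept *:80\naccept *:6660-6669\nreject *:*"
WEB = "accept *:80\naccept *:443\nreject *:*"
ENCRYPTED = "accept *:443\naccept *:5222\nreject *:*"

if __name__ == "__main__":
    for name in ("PLAINTEXT_ONLY", "WEB", "ENCRYPTED"):
        policy = globals()[name]
        print(name, gets_exit_flag(policy, OLD_PORTS),
              gets_exit_flag(policy, NEW_PORTS))
```

The plaintext-only policy qualifies under the old set and fails under the new one, which is the case the proposal targets.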

