[tor-relays] Simplifying ExoneraTor

Karsten Loesing karsten at torproject.org
Mon Jul 6 07:41:02 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/07/15 00:31, Geoff Down wrote:
> 
> 
> On Sun, Jul 5, 2015, at 02:26 PM, Karsten Loesing wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 05/07/15 14:20, teor wrote:
>>> 
>>>> On 5 Jul 2015, at 19:37 , Karsten Loesing 
>>>> <karsten at torproject.org> wrote:
> 
>> 
>> Actually, how about we use the same definition as for the Exit
>> flag?
>> 
>> Even if a relay without the Exit flag could have possibly been
>> used as an exit, the probability for clients to choose it is
>> quite low.
> 
> Is that probability the same for a malicious actor though (who may
> have set up the relay themselves)?

A malicious actor could modify their torrc to use any relay as exit as
long as that relay permits at least the address and port they want to
exit to, regardless of whether that relay has the Exit flag or not.

A malicious and stupid actor would set up a non-exit relay, ssh into
the box, exit somewhere, and later point to ExoneraTor saying that
there was no way for anyone to exit via that relay.

A malicious and slightly smarter actor would set up an exit relay
permitting just the minimum number of ports and (mostly unused)
address ranges to obtain the Exit flag, configure their firewall to
block just those ports and addresses, and then exit via that relay
themselves.

Anyway, I guess what I'm trying to say is that this is not an exact
science and there's no clearly right way to say that a relay is an
exit or not.  We should pick a definition that's plausible to mere
mortals, and that could be:

 a) whether the relay has the Exit flag,
 b) whether the relay permitted exiting to "web ports" 80 or 443,
 c) whether the relay permitted exiting to any port at all, etc.

I think a) is better than b).  But do you think c) would be even
better than that?

All the best,
Karsten

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJVmjEOAAoJEJD5dJfVqbCrn5EH/1LkmLz6Ejo4zgi519ecvCRL
zztM6vD6fKzCllqpI/ofjpwb4Wq3GXvgNSJa6KW4cd7BVDFnlz2MInFAAuH7TE0m
Q/6SFlbNSwJhqxnoCYfyffP5X27EzQbeLabLIgCRBleb0F9D4cvp8N/zNIljGKjt
meorzw7tquA/gQgj3wgvVMT+C5LjGZ6B5bWxZvGHkaCnAMznAI5PrIS7j6JFl+YQ
Tyy/sUWm8Jm6TfAQlbml97NeUAgSmM7QFYt/80q71M7nKx4/9XkKo8uxQ1IRpfr/
OO+mIpUhXyHcLPMzkqT9We2AHBi2mvSRwtW2FtUNzvlVayrGtkg/iGTim6MDtRg=
=1oEC
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list