[tor-relays] #2667 [Core Tor/Tor]: Exits should block reentry into the tor network

Roger Dingledine arma at mit.edu
Wed Jan 31 11:46:01 UTC 2018


On Wed, Jan 31, 2018 at 11:41:00AM +0000, nusenu wrote:
> > Comment (by arma):
> > 
> >  I continue to think that teaching exit relays to avoid allowing exit
> >  connections to known relays (IP:ORPort) is a good and useful step.
> > 
> >  We keep running across messy situations where letting somebody connect to
> >  a relay from an exit relay's IP address turns into a security surprise.
> 
> Does that mean that exits will no longer be able to run tor clients (i.e. to
> run apt updates via tor)?

No, they are unrelated. The things you describe would be connections
made by the Tor client, and the things I describe would be connections
made by building a circuit to the exit and sending a begin cell.

(Also, if you want to reply to a trac ticket comment, the strategy of
responding on the tor-relays list is a very odd approach. :)

--Roger


