Security concerns/help me understand tor

Jacob Appelbaum jacob at appelbaum.net
Fri Nov 9 01:39:05 UTC 2007


Kyle Williams wrote:
> On Nov 8, 2007 4:00 PM, Jefferson Iblis <fleshheap at gmail.com> wrote:
>> Seems the simplest solution would be to, by default, disallow Tor from
>> accessing the local network, including what it discovers to be its
>> externally accessible IP. Then anyone who wants to allow local access
>> can explicitly turn on whatever they think is appropriate.
>>
> 
> Exactly.
> 

There are two issues. One is the concept of exit enclaves and another is
privileged authorization based on a specific source IP.

Regarding enclaves, an option for operators might be nice. You seem to
think that it is very important to disable this type of preferential
routing. I disagree. Still, an option would allow people to address what
you're discussing.

Such an option could be:
DisallowExitEnclave True

This means that servers would operate as they do today and people could
address that issue if they care to do so.

It makes sense to me that the option would only address the issue of
exit enclaves. I'd personally like to see exit enclaving enabled as it
is today.

With that said... As it stands today, any operator can modify their exit
policy if they want to effectively disable exit enclaving. Modification
to the exit policy would probably also address the unintended
consequences you've voiced concern about.

Regarding the second issue of privileged authorization based on source
IPs, Tor can't solve this problem.

It's outside of the scope of the Tor server itself. Furthermore it's
possible that it's *intended* and the method of blocking would draw
attention. If you take issue with this, contact the node operators in
question.

Regards,
Jacob
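
An added illustration, not part of the original message: a minimal first-match evaluator for exit-policy rules, showing how a reject rule for the relay's own address, placed ahead of the accept rules, stops the relay from serving as an exit enclave for that address. The relay address, the sample policies and the function names are constructed for this example, and only IPv4 rules of the form `accept|reject ADDR[/MASK]:PORT` are handled.

```python
import ipaddress

# Constructed sample value (documentation address range), not from the post.
RELAY_ADDR = "203.0.113.5"


def parse_policy(lines):
    """Parse 'accept|reject ADDR[/MASK]:PORT' rules; PORT is '*', N or LOW-HIGH."""
    rules = []
    for line in lines:
        action, pattern = line.split()
        addr, _, port = pattern.rpartition(":")
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr,
                                   strict=False)
        if port == "*":
            low, high = 1, 65535
        else:
            low, _, high = port.partition("-")
            low, high = int(low), int(high or low)
        rules.append((action, net, low, high))
    return rules


def allows(rules, addr, port):
    """Rules are checked in order and the first match decides."""
    ip = ipaddress.ip_address(addr)
    for action, net, low, high in rules:
        if ip in net and low <= port <= high:
            return action == "accept"
    return False  # simplification: an unmatched destination is refused


def can_be_enclave(rules, relay_addr, port):
    """An exit enclave requires the relay to permit exits to its own address."""
    return allows(rules, relay_addr, port)


# Relay that exits only to a web server on its own address (enclave setup).
ENCLAVE_POLICY = parse_policy([f"accept {RELAY_ADDR}:80", "reject *:*"])

# Relay that refuses exits to itself but still exits to port 80 elsewhere.
NO_ENCLAVE_POLICY = parse_policy(
    [f"reject {RELAY_ADDR}:*", "accept *:80", "reject *:*"])

if __name__ == "__main__":
    print("enclave policy:", can_be_enclave(ENCLAVE_POLICY, RELAY_ADDR, 80))
    print("no-enclave policy:", can_be_enclave(NO_ENCLAVE_POLICY, RELAY_ADDR, 80))
```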


