getting more exit nodes
Andrew
tor at kleinhirn.org
Mon Apr 21 21:50:09 UTC 2008
Martin Fick schrieb:
> --- Andrew <tor at kleinhirn.org> wrote:
>
>> Roger Dingledine schrieb:
>>
>>> adding much additional anonymity. (Or is it?)
>>>
>> I believe this to be the most interesting
>> question... since the user
>> does not know his connection will be relayed via a
>> client-exit, there
>> will only be encryption up until the last relay (the
>> one advertising
>> itself as an exit). Therefore, even if you
>> re-encrypt the data for
>> transfer to the client-exit, it will now be *two*
>> hops being able to
>> read the user's traffic in cleartext.
>> I don't think that's an improvement... I'd even go
>> as far as saying it's
>> the exact opposite of what we want.
>>
>
> While your analysis is correct (two potentially
> unencrypted hops), the encryption concerns in
> themselves should be irrelevant to the concerns of
> tor.
>
True. But...
> Tor is not an encryption technology. The only reason
> for encrypting the other hops is for anonymity so that
> each hop only knows about its immediate peers. The
> question is whether an unencrypted last leg affects
> anonymity?
If everyone would use tor the way it was meant to be used, no problem
here. But as you know, rogue exit nodes have become a problem within the
tor network; this feature would provide for them a very nice cover to
hide under. Since your connection is in plain text for two hops now (or
at least two hops can read it as plain text), there's also two hops that
can mess with your traffic. And while today it is pretty conclusive to
say if someone messed with your traffic, it was the exit node (therefore
this node should be considered "bad"), after introducing this feature
that would no longer be possible (since, as was proposed, noone but the
last node would even know the client-exit existed, or its IP; and even
if that was openly advertised, testing for malicious tor nodes would
become that much harder).
It's not an attack from the outside I fear here, but one from within the
network. Something tor is already very vulnerable to as it is.
Regards
Andrew
More information about the tor-talk
mailing list