[tor-talk] corridor, a Tor traffic whitelisting gateway
rustybird at openmailbox.org
Mon Feb 17 08:27:07 UTC 2014
At least malicious relays have to stick around a few days to become Guards.
> If there aren't any guards hardcoded in
> Tor's source code, then the initial fetch from authorities must ignore
> the TunnelDirConns option. Can't work any other way.
All Authorities are also regular relays. (4 of 10 even have a Guard
flag, but I suppose tor only becomes aware of that after it has fetched
client -> AuthorityX:ORPort -> AuthorityY:DirPort
Maybe the encrypted ORPort / plain DirPort distinction sort of answers
I've narrowed the tor_relays ipset down to all Valid relays with an
Authority or Guard flag, and only to their ORPort - no more direct
DirPort connections allowed, the tor client doesn't do that by default.
> The nice thing about corridor is, that it's still quite simple.
> Something I still have my Whonix todo list. (Providing minimal
> Whonix-Gateway source code, moving things like whonixcheck, timesync
> etc. into separate packages, so others can more easily grasp it, copy
> the concept etc.).
Let me just make a mental note to keep the WiFi portal thing separate
from corridor proper straight away. :)
> I am interested to fine tune the following page and add corridor to it
> to better visualize the nuances of the differences:
> Time is an issue, though. Perhaps you're interested?
No hurry, let's see how corridor turns out.
> I am quite intrigued by the corridor concept, it may help to archive
> build anonymity:
If your build does not depend on the data that's currently leaking
through clearnet requests...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the tor-talk