[tor-talk] corridor, a Tor traffic whitelisting gateway

Rusty Bird rustybird at openmailbox.org
Mon Feb 17 08:27:07 UTC 2014

Patrick Schleizer:
> https://blog.torproject.org/blog/lifecycle-of-a-new-relay

At least malicious relays have to stick around a few days to become Guards.

> If there aren't any guards hardcoded in
> Tor's source code, then the initial fetch from authorities must ignore
> the TunnelDirConns option. Can't work any other way.

All Authorities are also regular relays. (4 of 10 even have a Guard
flag, but I suppose tor only becomes aware of that after it has fetched
the consensus.)

client -> AuthorityX:ORPort -> AuthorityY:DirPort

Maybe the encrypted ORPort / plain DirPort distinction sort of answers
your https://tor.stackexchange.com/questions/286#comment311_288

I've narrowed the tor_relays ipset down to all Valid relays with an
Authority or Guard flag, and only to their ORPort - no more direct
DirPort connections allowed, the tor client doesn't do that by default.

> The nice thing about corridor is, that it's still quite simple.
> Something I still have my Whonix todo list. (Providing minimal
> Whonix-Gateway source code, moving things like whonixcheck, timesync
> etc. into separate packages, so others can more easily grasp it, copy
> the concept etc.).

Let me just make a mental note to keep the WiFi portal thing separate
from corridor proper straight away. :)

> I am interested to fine tune the following page and add corridor to it
> to better visualize the nuances of the differences:
> https://www.whonix.org/wiki/Comparison_with_Others
> Time is an issue, though. Perhaps you're interested?

No hurry, let's see how corridor turns out.

> I am quite intrigued by the corridor concept, it may help to archive
> build anonymity:
> https://www.whonix.org/wiki/Dev/Build_Anonymity

If your build does not depend on the data that's currently leaking
through clearnet requests...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140217/96d888b7/attachment.sig>

More information about the tor-talk mailing list