[tor-bugs] #1090 [Tor Client]: Warning about using an excluded node for exit
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Feb 3 17:50:30 UTC 2011
#1090: Warning about using an excluded node for exit
-------------------------+--------------------------------------------------
Reporter: Sebastian | Owner: nickm
Type: defect | Status: assigned
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version: 0.2.1.19
Resolution: None | Keywords:
Points: | Parent:
-------------------------+--------------------------------------------------
Changes (by nickm):
* owner: arma => nickm
Comment:
> ExcludeExitNodes is a list of nodes to never use as the last hop of a
> non-internal circuit. Nodes in both exitnodes and excludeexitnodes are
> excluded.
This is a tricksy bit: we need to define what we mean by an "internal"
circuit. ISTR based on the conversation with Roger that he did not think
that ExcludeExitNodes should apply to the following:
 * Directory-only circuits
 * Testing and build-time measurement circuits
 * Circuits related to hidden services (introduction points, rendezvous
   points)
In other words, "ExcludeExitNodes" applies only to circuits where we
attach AP streams. It means, "I don't want these servers able to see my
plaintext." It explicitly *does not* mean, "If my entry is observed and a
correlation attack mounted against me, I don't trust these servers not to
participate in it."
Another nonintuitive point in the above is that ExcludeExitNodes does not
have its meaning change when we do StrictNodes 1.
Another nonintuitive part is that EntryNodes never changes its meaning
when we do StrictNodes 1.
Fortunately, one nice piece of my "use a bunch of functions" design for
dealing with this is that it is relatively easy to change this stuff in
the future if we decide we've got it a bit wrong.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1090#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online