[tor-bugs] #1090 [Tor Client]: Warning about using an excluded node for exit
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Feb 7 10:13:08 UTC 2011
#1090: Warning about using an excluded node for exit
-------------------------+--------------------------------------------------
Reporter: Sebastian | Owner: nickm
Type: defect | Status: assigned
Priority: major | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version: 0.2.1.19
Resolution: None | Keywords:
Points: | Parent:
-------------------------+--------------------------------------------------
Comment(by arma):
Replying to [comment:22 nickm]:
> >!ExcludeExitNodes is a list of nodes to never use as the last hop of a
non-internal circuit. Nodes in both exitnodes and excludeexitnodes are
excluded.
>
> This is a tricksy bit: we need to define what we mean by an "internal"
circuit.
I was intending to use the definition from path-spec.txt:
"An "internal" circuit, on the other hand, is one where the final node is
chosen just like a middle node (ignoring its exit policy)."
We should probably clarify that to simply "is chosen without regard to its
exit policy", but I believe the term "internal" is used consistently in
path-spec.txt to mean what I mean.
>ISTR based on the conversation with Roger that he did not think that
!ExcludeExitNodes should apply to the following:
> * Directory-only circuits
> * Testing and build-time measurement circuits
> * Circuits related to hidden services (introduction points,
rendezvous points)
Yep. In all of those cases, the final hop of the circuit is chosen without
regard for that node's exit policy.
> In other words, "!ExcludeExitNodes" applies only to circuits where we
attach AP streams.
It's conceivable that this is an equivalent definition. At first glance I
think it is.
>It means, "I don't want these servers able to see my plaintext." It
explicitly *does not* mean, "If my entry is observed and a correlation
attack mounted against me, I don't trust these servers not to participate
in it."
Correct. !ExcludeExitNodes is about *exiting*, not about what gets put on
one end of a circuit or the other.
> Another nonintuitive point in the above is that !ExcludeExitNodes does
not have its meaning change when we do !StrictNodes 1.
>
> Another nonintuitivie part is that !EntryNodes never changes its meaning
when we do !StrictNodes 1.
Yep. We could rename it to !StrictExcludeNodes or something like that if
we wanted to do a shell game with the names yet again.
> Fortunately, one nice piece of my "use a bunch of functions" design for
dealing with this is that it is relatively easy to change this stuff in
the future if we decide we've got it a bit wrong.
Sounds good.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1090#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list