[tor-bugs] #7549 [Flashproxy]: Facilitator should not give client registrations to Tor exits
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 21 22:02:50 UTC 2012
#7549: Facilitator should not give client registrations to Tor exits
-------------------------+--------------------------------------------------
Reporter: dcf | Owner: jct
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Like in #6293, in order to avoid a Tor-in-Tor situation, the facilitator
should not give client registrations to any proxy that is requesting from
a Tor exit. This should work similarly to how BridgeDB treats exits
specially.
This ideally will use a locally cached database of exits. (Not an on-
demand DNS lookup.) It should continue to work (perhaps with some
classification errors) even if the database can't be refreshed for some
time.
Roger offered this command, which is used to update the exit database for
BridgeDB:
{{{
cat $HOME/auto-naming/moria1/cached-des* | python
$HOME/git/contrib/exitlist <ip>:<port> > exitlist
}}}
The facilitator should not return a useful client registration in any
case. An additional question is whether it should send a signal requesting
that the proxy disable itself. (Knowing that a malicious proxy may ignore
it.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7549>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list