[tor-bugs] #9022 [Pluggable transport]: Create an XMPP pluggable transport
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 1 18:48:30 UTC 2013
#9022: Create an XMPP pluggable transport
---------------------------------+------------------------------------------
Reporter: asn | Owner: feynman
Type: task | Status: accepted
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by feynman):
Replying to [comment:70 asn]:
> (fixed the issue with my sleekxmpp)
>
> btw, I kind of dislike the fact that we send our local ip:port through
XMPP. it's a small but unneeded information leak.
>
> Since (<remote ip/port>, <jid>) is not sufficient for your routing
table, why don't you also add the source IP of the other side in there?
You can probably get the client's IP using the sleekxmpp API; you don't
need the client to send its IP to the server. If that doesn't work, you
can get the client to generate a nonce and send it to the server.
>
> Do you think that makes sense?
It just occurred to me that you might have thought that by local ip, I
meant the external ip:port of the client. I was actually referring to the
ip:port of the connected socket that is created after the client hexchat
accepts tor's connection.
I wanted to start a new branch with the hashed ip:port protocol, but I
gave up and just reverted back to the last commit before I changed that
part of the protocol.
I would prefer to send the ip:port of the connected socket rather than
hashing the address--it just makes the code cleaner. However, if you still
think this is a security risk (even a minor one), I will gladly revert
back to hashing the ip:port.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9022#comment:76>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list