[tor-bugs] #11469 [Tor]: Exit not using one hop circuit to Directory Server
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 15 15:32:01 UTC 2014
#11469: Exit not using one hop circuit to Directory Server
-------------------------+--------------------------------------------
Reporter: bburley | Owner: nickm
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: one-hop directory 024-backport
Actual Points: | Parent ID:
Points: |
-------------------------+--------------------------------------------
Comment (by nickm):
> Taking steps to operate in bridge mode and other attempts to look
> "normal" can be blown away by communicating in the clear with the
> directories
But bridges don't communicate in the clear, do they?
> I believe, in my test environment, that I could enumerate my
> infrastructure by looking at the unencrypted directory traffic
If you're an adversary trying to enumerate the Tor network, you could do
that (excluding bridges and clients) by just connecting to the directory
authorities yourself and downloading the consensus document. Having the
non-bridge Tor relays and directory authorities themselves be undetectable
is not part of the current design. An attacker doesn't need to enumerate
them: the directory infrastructure enumerates them for you.
Bridges and clients, on the other hand, don't make unencrypted directory
connections (I certainly hope), so trying to enumerate them by plaintext
patterns really shouldn't work.
To be clear, I think there could be a case to be made for "relays should
never make unencrypted directory connections", but it's not an obvious
case fwict. I think we should open a new ticket for that, so that this
one can be about the breakage in the current behavior wrt the indirection
argument in `directory_post_to_dirservers()`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11469#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online