[tor-bugs] #17605 [Tor]: Tell caches to remove X-Your-IP-Address-Is from Tor Directory documents
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 25 21:33:17 UTC 2016
#17605: Tell caches to remove X-Your-IP-Address-Is from Tor Directory documents
----------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: High | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-auth | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------+------------------------------------
Comment (by arma):

What if we went a step further and didn't include the header at all in
unencrypted connections? That is, we include it in the begin_dir response
but not in the naked dirport responses.

The main effect would be that relays, who use the naked dirport, would no
longer be able to learn their IP address from their directory authority
interactions.

We could work around that by finally moving all dir traffic to begin_dir
(which still makes me uncomfortable because of the extra scaling and load,
but maybe this is a good additional kick for why we should do it anyway),
or by having relays who don't know their address launch a begin_dir
connection just for finding it out.

Actually, wait a minute, don't netinfo cells have your address in them now
too? Does that mean x-your-address-is on naked dirport answers is
redundant? And thus we should try to phase it out in favor of the
encrypted, authenticated mechanism that we built?

The reason I want to get rid of the caching situation is because this is
an information leak, from one user to another. Now, it's mostly just
relays who suffer, since they're the ones who use naked dirport requests.
But this is still an uncomfortable state of affairs to leave in place.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17605#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online