[tor-dev] Different trust levels using single client instance
bancfc at openmailbox.org
bancfc at openmailbox.org
Fri Oct 21 20:38:45 UTC 2016
Summarized question:
Do you recommend allowing Workstation VMs of different security levels
to communicate with the same Tor instance? Note that they connect via
separate internal networks to the Gateway and have different interfaces
& controlports so inter-workstation communication should not be
possible.
Single Tor Gateway, Multiple Workstations
Pros:
*Same guard node means less chance of picking a malicious one
*Single Gateway VM uses less resources
Cons:
*Some unforeseen way malicious VM "X" can link activities of or
influence traffic of VM "Y"
**Maybe sending NEWNYM requests in a timed pattern that changes exit IPs
of VM Y's traffic, revealing they are behind the same client?
**Maybe eavesdropping on HSes running on VM Y's behalf?
**Something else we are not aware of?
Multi-Tor Gateways mapped 1:1 to Workstation VMs
Pros:
*Conceptually simple. Uses a different Tor instance so no need to worry
about all these questions.
Cons:
*Uses a different entry guard which can increase chance of running into
a malicious relay that can deanonymize some of the traffic.
* Uses extra resources (though not much as a Tor Gateway can run with as
little as 192MB RAM)
More information about the tor-dev
mailing list