[tor-dev] Proposal 334: A flag to mark Relays as middle-only
s7r
s7r at sky-ip.org
Tue Sep 7 20:52:05 UTC 2021
Neel Chauhan wrote:
>
> I believe it shouldn't affect these scenarios, but have mentioned we
> should look out for them.
>
>> P.S. Rendezvous point is NOT a less powerful position (at least from
>> an onion service server/operator point of view), unless you are using
>> vanguards plugin by Mike with rendguard component activated. Because
>> it's always chosen by the client connecting to the onion service, and
>> we should assume the client is always ~LE~ evil. Trust me on this :)
>
> I have also updated this to be a strictly Middle-only flag, and am not
> giving rendezvous capabilities to MiddleOnly relays.
>
> Sorry about this, but I have taken more-or-less a so-called "break" from
> Tor development for a while. I am technically a volunteer, and my
> $DAYJOB is at "Big Tech" (don't judge, that's where I found work).
>
> I also got FreeBSD "commit bit" (not every Tor developer uses Debian)
> which took time away from Tor volunteer efforts. I am only getting back
> to Tor development as of the past week or two, so I need to refresh my
> memory.
>
> Going back, this update also completes the missing paragraph reported by
> Ian, that seemed to miss me in the original proposal.
>
Don't worry -- it's glad to have you back always. Thanks. No judging
anywhere around here by any means :)
The proposal looks much better with the motivation section, at least me
know what's all about.
So the DirAuths will just vote about MiddleOnly like they vote about
BadExit, based on internal communication. Sounds plausible for the
desired goal.
I saw you mentioned on the list of position where we will NOT use
MiddleOnly relays RendezVous Points. Please add a note to it that in
order to enforce this particular requirement, we need to teach the onion
service server that receives the INTRODUCE2 cell to a rend point with
MiddleOnly flag to not proceed with the rend protocol and close that
circuit. Otherwise the requirement enforcement won't work because
anybody doing any attack would probably use modified clients that don't
follow the rules to not select a MiddleOnly as rend point.
I don't see any major blockers for this proposal, because if it's voted
at DirAuth level only, in case it makes troubles for us in a perfect
future (walking onions / all exits) we can simply decide at DirAuth
level to not vote on it any more and remove the code that parses it.
What will the consensus requirement be for this flag? 50%+1? IIRC the
BadExit flag can be assigned with less than 50%+1 DirAuths.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20210907/60b069a6/attachment-0001.sig>
More information about the tor-dev
mailing list