Sniffing OR-OR connections by rerouting them

Paul Syverson syverson at itd.nrl.navy.mil
Sun Jul 3 12:41:54 UTC 2005


On Sun, Jul 03, 2005 at 07:32:40AM -0400, Roger Dingledine wrote:
> Hey, this is a nice bug. Thanks for finding it, dvorak.
> 
yes, quite cool.

[snip]

> I think this is probably the way to go. Once the connection is
> established, Alice should send a cell indicating what IP:port she thought
> she was connecting to. If Bob thinks this is scary, he can hang up.
> Having Bob make these decisions is better, since we can make Bob smarter
> down the road about what locations are acceptable, and Alice never has
> to care.
> 

Yes. This is exaclty what I had in mind.

> I'm going to try to resist adding the 'currently acceptable alternative'
> business, since most of the time everybody should have it right in the
> first place, so this will be a rarely used feature that just adds bulk
> (and risk) to the design. But if it turns out we need it, we can add it.
> 

Makes sense, and I also prefer keeping it as simple as possible, especially
when it is more flexible. 

I assume it is the determination of the alternative that is the bulk
and risk.  That is, it would not add much bulk to add an "incorrect
inbound IP address encountered" error message that Bob sends back to
Alice before hanging up, yes? Should the criteria include correct IP address
but wrong port? I mean something's gone wrong in that case, and dvorak
can maybe find another bug.

-Paul




More information about the tor-talk mailing list