North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Tor and network security/administration

  • From: Lionel Elie Mamane
  • Date: Wed Jun 21 13:55:27 2006

On Wed, Jun 21, 2006 at 01:14:52PM -0400, Todd Vierling wrote:
> On 6/20/06, Lionel Elie Mamane <[email protected]> wrote:

>>>> You don't do your financial transactions over HTTPS? If you do, by
>>>> the very design of SSL, the tor exit node cannot add any HTTP
>>>> header. That would be a man-in-the-middle attack on SSL.

>>> Which, for an anonymizing network, could be a deliberate situation.

>> The user then loses end-to-end encryption with the final server he
>> want to connect to.

> Depends on your definition of "end-to-end" -- if one "end" is "an
> agent on the user's computer", it still fits.  But I think you
> misunderstand the reason for a filtering proxy in the context of
> anonymizing networks; read on:

>> So suddenly this daemon needs an UI on every single user on
>> the desktop of the user.

> Here's where your misunderstanding is evident.  The filtering proxy
> is not at the Tor exit node; it's at the *entry*.

If the proxy is not at the Tor exit node, how can the tor network
enforce the addition of the "this connection went through tor" HTTP
header that Kevin Day was asking for? Fundamentally, if you rely on a
program sitting on the user's computer adding that header, then
malevolent users can not add this header, so Kevin Day's purpose is
not served. And that is what is being discussed here.

>> Let's suppose the tor exit node does this https-man-in-the-middle
>> dance. It is not desirable for all connections, so you need some
>> way for the user to say per connection what whether it should
>> happen or not. SOCKS doesn't have such a thing in its protocol,
>> so...

> With SOCKS, automated filter control based on IP address (and
> hostname, if using SOCKS4a or SOCKS5 with DOMAINNAME address type) is
> trivial.

What I was trying to say was: The SOCKS protocol has no mechanism for
the SOCKS proxy to tell the SOCKS client "before I establish that
connection, please ask the user that question and report the answer
back to me".