author Nick Mathewson <nickm@torproject.org> 2011-07-06 17:08:24 -0400
committer Nick Mathewson <nickm@torproject.org> 2011-07-19 01:58:45 -0400
commit 773bfaf91ebe1ef80f37d473714a11f962e753fb
tree 0c115b831f478d641b051d7be0cae8e5c5216c8b /changes
parent 1d3c8c1f74e9f80317a70c3b7d9372dee87dd373
Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable() to require that the connection is compatible with every connection that has been linked to the circuit; we update circuit_is_better to prefer attaching streams to circuits in the way that decreases the circuits' usefulness the least; and we update link_apconn_to_circ() to do the appropriate bookkeeping.
Diffstat (limited to 'changes')
-rw-r--r-- changes/prop171 11
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/prop171 b/changes/prop171
index 057556edd9..91c463f94d 100644
--- a/changes/prop171
+++ b/changes/prop171
@@ -1,3 +1,14 @@
+ o Major features:
+ - You can now configure Tor so that streams from different
+ applications are isolated on different circuits, to prevent an
+ attacker who sees your streams leaving an exit node from linking
+ your sessions to one another. To do this, choose some way to
+ distinguish the applications -- have them connect to different
+ SocksPorts, or have one of them use SOCKS4 while the other uses
+ SOCKS5, or have them pass different authentication strings to
+ the SOCKS proxy. Then use the new SocksPort syntax to configure
+ the degree of isolation you need. This implements Proposal 171.
+
o Minor features:
- There's a new syntax for specifying multiple client ports (such as
SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
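Review bot: the new "Major features" entry ends with "Then use the new SocksPort syntax to configure the degree of isolation you need" but never names an isolation option or says what an unmodified configuration gets by default, so a reader cannot tell from the changelog whether upgrading alone changes how streams are grouped onto circuits. Suggest naming the options here (or pointing to the manual section that lists them) and stating the default behaviour in one sentence. Minor style point: this entry writes "SocksPorts" and "SocksPort", while the existing "Minor features" entry directly below writes "SOCKSPort"; use one spelling throughout the file.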