diff options
-rw-r--r-- | doc/spec/proposals/000-index.txt | 2 | ||||
-rw-r--r-- | doc/spec/proposals/152-single-hop-circuits.txt | 63 |
2 files changed, 65 insertions, 0 deletions
diff --git a/doc/spec/proposals/000-index.txt b/doc/spec/proposals/000-index.txt index aa8126d82c..e7d141b4fc 100644 --- a/doc/spec/proposals/000-index.txt +++ b/doc/spec/proposals/000-index.txt @@ -74,6 +74,7 @@ Proposals by number: 149 Using data from NETINFO cells [OPEN] 150 Exclude Exit Nodes from a circuit [ACCEPTED] 151 Improving Tor Path Selection [DRAFT] +152 Optionally allow exit from single-hop circuits [DRAFT] Proposals by status: @@ -85,6 +86,7 @@ Proposals by status: 141 Download server descriptors on demand 144 Increase the diversity of circuits by detecting nodes belonging the 151 Improving Tor Path Selection + 152 Optionally allow exit from single-hop circuits OPEN: 121 Hidden Service Authentication 142 Combine Introduction and Rendezvous Points diff --git a/doc/spec/proposals/152-single-hop-circuits.txt b/doc/spec/proposals/152-single-hop-circuits.txt new file mode 100644 index 0000000000..bff5b1650b --- /dev/null +++ b/doc/spec/proposals/152-single-hop-circuits.txt @@ -0,0 +1,63 @@ +Filename: 152-single-hop-circuits.txt +Title: Optionally allow exit from single-hop circuits +Version: +Last-Modified: +Author: Geoff Goodell +Created: 13-Jul-2008 +Status: Draft + +Overview + + Provide a special configuration option that adds a line to descriptors + indicating that a router can be used as an exit for one-hop circuits, + and allow clients to attach streams to one-hop circuits provided + that the descriptor for the router in the circuit includes this + configuration option. + +Motivation + + At some point, code was added to restrict the attachment of streams + to one-hop circuits. + + The idea seems to be that we can use the cost of forking and + maintaining a patch as a lever to prevent people from writing + controllers that jeopardize the operational security of routers + and the anonymity properties of the Tor network by creating and + using one-hop circuits rather than the standard three-hop circuits. + It may be, for example, that some users do not actually seek true + anonymity but simply reachability through network perspectives + afforded by the Tor network, and since anonymity is stronger in + numbers, forcing users to contribute to anonymity and decrease the + risk to server operators by using full-length paths may be reasonable. + + As presently implemented, the sweeping restriction of one-hop circuits + for all routers limits the usefulness of Tor as a general-purpose + technology for building circuits. In particular, we should allow + for controllers, such as Blossom, that create and use single-hop + circuits involving routers that are not part of the Tor network. + +Design + + Introduce a configuration option for Tor servers that, when set, + indicates that a router is willing to provide exit from one-hop + circuits. Routers with this policy will not require that a circuit + has at least two hops when it is used as an exit. + + In addition, routers for which this configuration option + has been set will have a line in their descriptors, "opt + exit-from-single-hop-circuits". Clients will keep track of which + routers have this option and allow streams to be attached to + single-hop circuits that include such routers. + +Security Considerations + + This approach seems to eliminate the worry about operational router + security, since server operators will not set the configuraiton + option unless they are willing to take on such risk. + + To reduce the impact on anonymity of the network resulting + from including such "risky" routers in regular Tor path + selection, clients may systematically exclude routers with "opt + exit-from-single-hop-circuits" when choosing random paths through + the Tor network. + |