Add proposal 170 "Configuration options regarding circuit building"

1 files changed, 95 insertions, 0 deletions

diff --git a/proposals/170-user-path-config.txt b/proposals/170-user-path-config.txt
new file mode 100644
index 0000000..fa74c76
--- /dev/null
+++ b/proposals/170-user-path-config.txt
@@ -0,0 +1,95 @@
+Title: Configuration options regarding circuit building
+Filename: 170-user-path-config.txt
+Author: Sebastian Hahn
+Created: 01-March-2010
+Status: Draft
+
+Overview:
+
+    This document outlines how Tor handles the user configuration
+    options to influence the circuit building process.
+
+Motivation:
+
+    Tor's treatment of the configuration *Nodes options was surprising
+    to many users, and quite a few conspiracy theories have crept up. We
+    should update our specification and code to better describe and
+    communicate what is going during circuit building, and how we're
+    honoring configuration. So far, we've been tracking a bugreport
+    about this behaviour (
+    https://bugs.torproject.org/flyspray/index.php?do=details&id=1090 )
+    and Nick replied in a thread on or-talk (
+    http://archives.seul.org/or/talk/Feb-2010/msg00117.html ).
+
+    This proposal tries to document our intention for those configuration
+    options.
+
+Design:
+
+    Five configuration options are available to users to influence Tor's
+    circuit building. EntryNodes and ExitNodes define a list of nodes
+    that are for the Entry/Exit position in all circuits. ExcludeNodes
+    is a list of nodes that are used for no circuit, and
+    ExcludeExitNodes is a list of nodes that aren't used as the last
+    hop. StrictNodes defines Tor's behaviour in case of a conflict, for
+    example when a node that is excluded is the only available
+    introduction point. Setting StrictNodes to 1 breaks Tor's
+    functionality in that case, and it will refuse to build such a
+    circuit.
+
+    Neither Nick's email nor bug 1090 have clear suggestions how we
+    should behave in each case, so I tried to come up with something
+    that made sense to me.
+
+Security implications:
+
+    Deviating from normal circuit building can break one's anonymity, so
+    the documentation of the above option should contain a warning to
+    make users aware of the pitfalls.
+
+Specification:
+
+    It is proposed that the "User configuration" part of path-spec
+    (section 2.2.2) be replaced with this:
+
+    Users can alter the default behavior for path selection with
+    configuration options. In case of conflicts (excluding and requiring
+    the same node) the "StrictNodes" option is used to determine
+    behaviour. If a nodes is both excluded and required via a
+    configuration option, the exclusion takes preference.
+
+    - If "ExitNodes" is provided, then every request requires an exit
+      node on the ExitNodes list. If a request is supported by no nodes
+      on that list, and "StrictNodes" is false, then Tor treats that
+      request as if ExitNodes were not provided.
+
+    - "EntryNodes" behaves analogously.
+
+    - If "ExcludeNodes" is provided, then no circuit uses any of the
+      nodes listed. If a circuit requires an excluded node to be used,
+      and "StrictNodes" is false, then Tor uses the node in that
+      position while not using any other of the excluded nodes.
+
+    - If "ExcludeExitNodes" is provided, then Tor will not use the nodes
+      listed for the exit position in a circuit. If a circuit requires
+      an excluded node to be used in the exit position and "StrictNodes"
+      is false, then Tor builds that circuit as if ExcludeExitNodes were
+      not provided.
+
+    - If a user tries to connect to or resolve a hostname of the form
+      <target>.<servername>.exit and the "AllowDotExit" configuration
+      option is set to 1, the request is rewritten to a request for
+      <target>, and the request is only supported by the exit whose
+      nickname or fingerprint is <servername>. If "AllowDotExit" is set
+      to 0 (default), any request for <anything>.exit is denied.
+
+    - When any of the *Nodes settings are changed, all circuits are
+      expired immediately, to prevent a situation where a previously
+      built circuit is used even though some of its nodes are now
+      excluded.
+
+
+Compatibility:
+
+    The old Strict*Nodes options are deprecated, and the StrictNodes
+    option is new. Tor users may need to update their configuration file.