Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-12-07 Thread ezhigp
Original Message From: Neel Chauhan Apparently from: tor-dev-boun...@lists.torproject.org To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only Date: Fri, 17 Sep 2021 16:09:43 -0700 > Hi nusenu (and tor-dev@), > > O

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-17 Thread Neel Chauhan
Hi nusenu (and tor-dev@), On 2021-09-17 16:02, nusenu wrote: it would be great if you could open a MR for the proposal so we can always see the latest version and changes there. (Over time it became unclear what comments have already been addressed in the text and which didn't.) Done: https://g

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-17 Thread nusenu
Hi Neel, it would be great if you could open a MR for the proposal so we can always see the latest version and changes there. (Over time it became unclear what comments have already been addressed in the text and which didn't.) kind regards, nusenu -- https://nusenu.github.io

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-17 Thread Neel Chauhan
Hi David, On 2021-09-14 12:00, David Goulet wrote: On 14 Sep (11:31:02), Neel Chauhan wrote: 3. Implementation details The MiddleOnly flag can be assigned to relays whose IP addresses are configured at the directory authority level, similar to how the BadExit flag currently works. In sh

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-16 Thread s7r
Tor Relays wrote: David Goulet: However, I'm not sure we should always let 1 authority dictate that flag regardless of what the others think. I think we need to enforce majority here and not have one single authority dictate it. Thoughts? +1 I can compromise one authorit

[tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-15 Thread Tor Relays
David Goulet: > However, I'm not sure we should always let 1 authority dictate that flag > regardless of what the others think. > > I think we need to enforce majority here and not have one > single authority dictate it. > > Thoughts? > +1 I can compromise one authority and can MiddleOnly the w

[tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-15 Thread ezhigp
Neel Chauhan wrote at Sun Sep 12 19:17:37 UTC 2021: >my updated proposal >says that if one dirauth gives a relay the MiddleOnly flag, then it's >set for that relay. This is to prevent harm while all (or the majority >of) dirauths give the relay that flag. Imagine one hostile dirauth that votes

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-15 Thread Georg Koppen
David Goulet: > On 14 Sep (11:31:02), Neel Chauhan wrote: >> Hi Roger, > > Hi Neel! > > Thanks for your proposal!! > >> >> On 2021-09-12 20:48, Roger Dingledine wrote: >>> On Sun, Sep 12, 2021 at 12:17:37PM -0700, Neel Chauhan wrote: If a relay has the MiddleOnly flag, we do not allow it t

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-14 Thread David Goulet
On 14 Sep (11:31:02), Neel Chauhan wrote: > Hi Roger, Hi Neel! Thanks for your proposal!! > > On 2021-09-12 20:48, Roger Dingledine wrote: > > On Sun, Sep 12, 2021 at 12:17:37PM -0700, Neel Chauhan wrote: > > > If a relay has the MiddleOnly flag, we do not allow it to be used > > > for the > >

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-14 Thread Neel Chauhan
Hi Roger, On 2021-09-12 20:48, Roger Dingledine wrote: On Sun, Sep 12, 2021 at 12:17:37PM -0700, Neel Chauhan wrote: If a relay has the MiddleOnly flag, we do not allow it to be used for the following purposes: * Entry Guard While we're trying to be exhaustive here, "Directory Guard" mi

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Georg Koppen
Roger Dingledine: [snip] > That is, I think these extra restrictions (avoiding the relays) would be > a slight improvement to security in theory, but I see that as outweighed > by the loss of robustness and by the other security angle (avoiding > letting people probe our internal network knowledg

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Roger Dingledine
On Sun, Sep 12, 2021 at 12:17:37PM -0700, Neel Chauhan wrote: > If a relay has the MiddleOnly flag, we do not allow it to be used for the > following purposes: > > * Entry Guard While we're trying to be exhaustive here, "Directory Guard" might be a good addition to this list. (But trying to be

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Neel Chauhan
Hi nusenu, On 2021-09-12 14:47, nusenu wrote: thanks for these pointers. In case "ExcludeGuardNodes" option is accepted and merged, the documentation should explicitly point out the differences between LimitToMiddleOnlyNodes NodeX vs. ExcludeGuardNodes NodeX + ExcludeExitNodes NodeX thanks, n

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread nusenu
Sorry, my bad. The ExcludeMiddleNodes did give a good idea for a new feature I already have a MR for:  * https://gitlab.torproject.org/tpo/core/tor/-/issues/40466  * https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/436 It's unrelated to this PR, though, and I don't know if it wil

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Neel Chauhan
Hi, On 2021-09-12 12:31, nusenu wrote: Neel Chauhan: Also ensure this functionality is available to tor clients via a torrc option like "ExcludeExitNodes" can be used by tor clients as well. The torrc option for clients could be named "LimitToMiddleOnlyNodes" or similar and takes a list of rel

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread nusenu
Neel Chauhan: Also ensure this functionality is available to tor clients via a torrc option like "ExcludeExitNodes" can be used by tor clients as well. The torrc option for clients could be named "LimitToMiddleOnlyNodes" or similar and takes a list of relay fingerprints and can appear multiple t

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Neel Chauhan
Hi nusenu, On 2021-09-10 16:05, nusenu wrote: Thank you for working on this, I was hoping for such a flag for a long time, great to see that it is happening now. No problem! The flag should minimize the ability of the relay to do harm. This means such relays should _not_ be used by tor clien

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-12 Thread Neel Chauhan
Hi, I have an updated proposal. On 2021-09-07 13:52, s7r wrote: Don't worry -- it's glad to have you back always. Thanks. No judging anywhere around here by any means :) No problem! The proposal looks much better with the motivation section, at least me know what's all about. Thanks! So

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-10 Thread nusenu
Thank you for working on this, I was hoping for such a flag for a long time, great to see that it is happening now. The flag should minimize the ability of the relay to do harm. This means such relays should _not_ be used by tor clients for _any_ other use-case than the second hop position (no HS

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-07 Thread s7r
Neel Chauhan wrote: I believe it shouldn't affect these scenarios, but have mentioned we should look out for them. P.S. Rendezvous point is NOT a less powerful position (at least from an onion service server/operator point of view), unless you are using vanguards plugin by Mike with rendguar

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-07 Thread Neel Chauhan
Hi, I have an updated proposal which addresses your concerns, along with David Goulet's comments on GitLab. On 2021-09-07 12:47, s7r wrote: Hi Neel, Please add a "MOTIVATION" section and explain in detail why is this needed for the network/health team and how will it improve things? Also incl

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-07 Thread s7r
Neel Chauhan wrote: Hi, As asked in the torspec MR [1] (42) for ticket [2] (40448), I propose a MiddleOnly dirauth flag for relays. The proposal, #334, is attached to this email, and is titled "A dirauth flag to mark Relays as Middle-only". Please comment and review it. Best, Neel Chauha

Re: [tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-07 Thread Ian Goldberg
On Tue, Sep 07, 2021 at 11:22:30AM -0700, Neel Chauhan wrote: > 3. Implementation details > > The MiddleOnly flag can be assigned to relays whose IP addresses are > configured at the directory authority level, similar to how the BadExit flag > currently works. In short, if a relay's IP is de

[tor-dev] Proposal 334: A flag to mark Relays as middle-only

2021-09-07 Thread Neel Chauhan
Hi, As asked in the torspec MR [1] (42) for ticket [2] (40448), I propose a MiddleOnly dirauth flag for relays. The proposal, #334, is attached to this email, and is titled "A dirauth flag to mark Relays as Middle-only". Please comment and review it. Best, Neel Chauhan === Links: [1] -