Browse code

revise TransportIPnotTCP answer

Roger Dingledine authored on 07/02/2011 09:34:57
Showing 2 changed files
... ...
@@ -1532,7 +1532,7 @@ we move to a "directory guard" design as well.
1532 1532
     <a href="<page getinvolved/volunteer>#Research">research section of the
1533 1533
     volunteer page</a>: "Tor doesn't work very well when relays
1534 1534
     have asymmetric bandwidth (e.g. cable or DSL)". It might be that <a
1535
-    href="<wikifaq>#YoushouldtransportallIPpacketsnotjustTCPpackets.">switching
1535
+    href="<page docs/faq>#TransportIPnotTCP">switching
1536 1536
     to UDP transport</a> is the simplest answer here &mdash; which alas is
1537 1537
     not a very simple answer at all.
1538 1538
     </p>
... ...
@@ -1581,31 +1581,29 @@ we move to a "directory guard" design as well.
1581 1581
 all IP packets, not just TCP packets.</a></h3>
1582 1582
 
1583 1583
 <p>
1584
-This would be handy, because it would make Tor
1585
-more generally useful. It would also solve the whole
1586
-need to socksify applications, and it would resolve the <a
1587
-href="<wikifaq>#HowdoIcheckifmyapplicationthatusesSOCKSisleakingDNSrequests">DNS
1588
-leak problem</a> too. Lastly, it would solve the fact that exit relays
1589
-need to allocate a lot of file descriptors to hold open all the exit
1590
-connections.
1584
+This would be handy, because it would make Tor better able to handle
1585
+new protocols like VoIP, it could solve the whole need to socksify
1586
+applications, and it would solve the fact that exit relays need to
1587
+allocate a lot of file descriptors to hold open all the exit connections.
1591 1588
 </p>
1592 1589
 
1593 1590
 <p>
1594
-On the other hand, there are six reasons we haven't done this:
1591
+We're heading in this direction: see <a
1592
+href="https://trac.torproject.org/projects/tor/ticket/1855">this trac
1593
+ticket</a> for directions we should investigate. Some of the hard
1594
+problems are:
1595 1595
 </p>
1596 1596
 
1597
-<li>IP packets reveal OS characteristics. We would still
1598
-need to do IP-level packet normalization, to stop things like
1599
-TCP fingerprinting attacks. This is unlikely to be a trivial
1600
-task, given the diversity and complexity of TCP stacks. In
1601
-fact, it's worse than this: check out the new class of <a
1597
+<li>IP packets reveal OS characteristics. We would still need to do
1598
+IP-level packet normalization, to stop things like TCP fingerprinting
1599
+attacks. Given the diversity and complexity of TCP stacks, along with <a
1602 1600
 href="<wikifaq>#DoesTorresistremotephysicaldevicefingerprinting">device
1603
-fingerprinting attacks</a> which we would have to tackle as well.
1601
+fingerprinting attacks</a>, it looks like our best bet is shipping our
1602
+own user-space TCP stack.
1604 1603
 </li>
1605
-<li>Application-level streams still need scrubbing. We still need Tor
1606
-to be easy to integrate with user-level application-specific proxies
1607
-such as Privoxy. So it's not just a matter of capturing packets and
1608
-anonymizing them at the IP layer.
1604
+<li>Application-level streams still need scrubbing. We will still need
1605
+user-side applications like Torbutton. So it won't become just a matter
1606
+of capturing packets and anonymizing them at the IP layer.
1609 1607
 </li>
1610 1608
 <li>Certain protocols will still leak information. For example, we must
1611 1609
 rewrite DNS requests so they are delivered to an unlinkable DNS server
... ...
@@ -1614,10 +1612,10 @@ the protocols we are transporting.
1614 1612
 </li>
1615 1613
 <li><a
1616 1614
 href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html">DTLS</a>
1617
-(datagram TLS) will be in the 0.9.8 openssl release. We need to design
1618
-a new end-to-end Tor protocol for avoiding tagging attacks and other
1619
-potential anonymity and integrity issues now that we allow drops, resends,
1620
-et cetera.
1615
+(datagram TLS) basically has no users, and IPsec sure is big. Once we've
1616
+picked a transport mechanism, we need to design a new end-to-end Tor
1617
+protocol for avoiding tagging attacks and other potential anonymity and
1618
+integrity issues now that we allow drops, resends, et cetera.
1621 1619
 </li>
1622 1620
 <li>Exit policies for arbitrary IP packets mean building a secure
1623 1621
 IDS. Our node operators tell us that exit policies are one of the main
... ...
@@ -1633,12 +1631,10 @@ so clients can predict which nodes will allow their packets to exit &mdash;
1633 1631
 and clients need to predict all the packets they will want to send in
1634 1632
 a session before picking their exit node!
1635 1633
 </li>
1636
-<li>The Tor-internal name spaces would need to be redesigned. We
1637
-support hidden service ".onion" addresses (and other special addresses,
1638
-like ".exit" which lets the user request a particular exit node), by
1639
-intercepting the addresses when they are passed to the Tor client. Doing
1640
-so at the IP level would require a more complex interface between Tor
1641
-and the local DNS resolver.
1634
+<li>The Tor-internal name spaces would need to be redesigned. We support
1635
+hidden service ".onion" addresses by intercepting the addresses when
1636
+they are passed to the Tor client. Doing so at the IP level will require
1637
+a more complex interface between Tor and the local DNS resolver.
1642 1638
 </li>
1643 1639
 </ol>
1644 1640
 
... ...
@@ -665,7 +665,7 @@ meetings around the world.</li>
665 665
     encryption. This is nice and simple, but it means all cells
666 666
     on a link are delayed when a single packet gets dropped, and
667 667
     it means we can only reasonably support TCP streams. We have a <a
668
-    href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#YoushouldtransportallIPpacketsnotjustTCPpackets.">list
668
+    href="<page docs/faq>#TransportIPnotTCP">list
669 669
     of reasons why we haven't shifted to UDP transport</a>, but it would
670 670
     be great to see that list get shorter. We also have a proposed <a
671 671
     href="<gitblob>doc/spec/proposals/100-tor-spec-udp.txt">specification