Roger Dingledine commited on 2011-02-07 09:34:57
Zeige 2 geänderte Dateien mit 26 Einfügungen und 30 Löschungen.
... | ... |
@@ -1532,7 +1532,7 @@ we move to a "directory guard" design as well. |
1532 | 1532 |
<a href="<page getinvolved/volunteer>#Research">research section of the |
1533 | 1533 |
volunteer page</a>: "Tor doesn't work very well when relays |
1534 | 1534 |
have asymmetric bandwidth (e.g. cable or DSL)". It might be that <a |
1535 |
- href="<wikifaq>#YoushouldtransportallIPpacketsnotjustTCPpackets.">switching |
|
1535 |
+ href="<page docs/faq>#TransportIPnotTCP">switching |
|
1536 | 1536 |
to UDP transport</a> is the simplest answer here — which alas is |
1537 | 1537 |
not a very simple answer at all. |
1538 | 1538 |
</p> |
... | ... |
@@ -1581,31 +1581,29 @@ we move to a "directory guard" design as well. |
1581 | 1581 |
all IP packets, not just TCP packets.</a></h3> |
1582 | 1582 |
|
1583 | 1583 |
<p> |
1584 |
-This would be handy, because it would make Tor |
|
1585 |
-more generally useful. It would also solve the whole |
|
1586 |
-need to socksify applications, and it would resolve the <a |
|
1587 |
-href="<wikifaq>#HowdoIcheckifmyapplicationthatusesSOCKSisleakingDNSrequests">DNS |
|
1588 |
-leak problem</a> too. Lastly, it would solve the fact that exit relays |
|
1589 |
-need to allocate a lot of file descriptors to hold open all the exit |
|
1590 |
-connections. |
|
1584 |
+This would be handy, because it would make Tor better able to handle |
|
1585 |
+new protocols like VoIP, it could solve the whole need to socksify |
|
1586 |
+applications, and it would solve the fact that exit relays need to |
|
1587 |
+allocate a lot of file descriptors to hold open all the exit connections. |
|
1591 | 1588 |
</p> |
1592 | 1589 |
|
1593 | 1590 |
<p> |
1594 |
-On the other hand, there are six reasons we haven't done this: |
|
1591 |
+We're heading in this direction: see <a |
|
1592 |
+href="https://trac.torproject.org/projects/tor/ticket/1855">this trac |
|
1593 |
+ticket</a> for directions we should investigate. Some of the hard |
|
1594 |
+problems are: |
|
1595 | 1595 |
</p> |
1596 | 1596 |
|
1597 |
-<li>IP packets reveal OS characteristics. We would still |
|
1598 |
-need to do IP-level packet normalization, to stop things like |
|
1599 |
-TCP fingerprinting attacks. This is unlikely to be a trivial |
|
1600 |
-task, given the diversity and complexity of TCP stacks. In |
|
1601 |
-fact, it's worse than this: check out the new class of <a |
|
1597 |
+<li>IP packets reveal OS characteristics. We would still need to do |
|
1598 |
+IP-level packet normalization, to stop things like TCP fingerprinting |
|
1599 |
+attacks. Given the diversity and complexity of TCP stacks, along with <a |
|
1602 | 1600 |
href="<wikifaq>#DoesTorresistremotephysicaldevicefingerprinting">device |
1603 |
-fingerprinting attacks</a> which we would have to tackle as well. |
|
1601 |
+fingerprinting attacks</a>, it looks like our best bet is shipping our |
|
1602 |
+own user-space TCP stack. |
|
1604 | 1603 |
</li> |
1605 |
-<li>Application-level streams still need scrubbing. We still need Tor |
|
1606 |
-to be easy to integrate with user-level application-specific proxies |
|
1607 |
-such as Privoxy. So it's not just a matter of capturing packets and |
|
1608 |
-anonymizing them at the IP layer. |
|
1604 |
+<li>Application-level streams still need scrubbing. We will still need |
|
1605 |
+user-side applications like Torbutton. So it won't become just a matter |
|
1606 |
+of capturing packets and anonymizing them at the IP layer. |
|
1609 | 1607 |
</li> |
1610 | 1608 |
<li>Certain protocols will still leak information. For example, we must |
1611 | 1609 |
rewrite DNS requests so they are delivered to an unlinkable DNS server |
... | ... |
@@ -1614,10 +1612,10 @@ the protocols we are transporting. |
1614 | 1612 |
</li> |
1615 | 1613 |
<li><a |
1616 | 1614 |
href="http://crypto.stanford.edu/~nagendra/projects/dtls/dtls.html">DTLS</a> |
1617 |
-(datagram TLS) will be in the 0.9.8 openssl release. We need to design |
|
1618 |
-a new end-to-end Tor protocol for avoiding tagging attacks and other |
|
1619 |
-potential anonymity and integrity issues now that we allow drops, resends, |
|
1620 |
-et cetera. |
|
1615 |
+(datagram TLS) basically has no users, and IPsec sure is big. Once we've |
|
1616 |
+picked a transport mechanism, we need to design a new end-to-end Tor |
|
1617 |
+protocol for avoiding tagging attacks and other potential anonymity and |
|
1618 |
+integrity issues now that we allow drops, resends, et cetera. |
|
1621 | 1619 |
</li> |
1622 | 1620 |
<li>Exit policies for arbitrary IP packets mean building a secure |
1623 | 1621 |
IDS. Our node operators tell us that exit policies are one of the main |
... | ... |
@@ -1633,12 +1631,10 @@ so clients can predict which nodes will allow their packets to exit — |
1633 | 1631 |
and clients need to predict all the packets they will want to send in |
1634 | 1632 |
a session before picking their exit node! |
1635 | 1633 |
</li> |
1636 |
-<li>The Tor-internal name spaces would need to be redesigned. We |
|
1637 |
-support hidden service ".onion" addresses (and other special addresses, |
|
1638 |
-like ".exit" which lets the user request a particular exit node), by |
|
1639 |
-intercepting the addresses when they are passed to the Tor client. Doing |
|
1640 |
-so at the IP level would require a more complex interface between Tor |
|
1641 |
-and the local DNS resolver. |
|
1634 |
+<li>The Tor-internal name spaces would need to be redesigned. We support |
|
1635 |
+hidden service ".onion" addresses by intercepting the addresses when |
|
1636 |
+they are passed to the Tor client. Doing so at the IP level will require |
|
1637 |
+a more complex interface between Tor and the local DNS resolver. |
|
1642 | 1638 |
</li> |
1643 | 1639 |
</ol> |
1644 | 1640 |
|
... | ... |
@@ -665,7 +665,7 @@ meetings around the world.</li> |
665 | 665 |
encryption. This is nice and simple, but it means all cells |
666 | 666 |
on a link are delayed when a single packet gets dropped, and |
667 | 667 |
it means we can only reasonably support TCP streams. We have a <a |
668 |
- href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#YoushouldtransportallIPpacketsnotjustTCPpackets.">list |
|
668 |
+ href="<page docs/faq>#TransportIPnotTCP">list |
|
669 | 669 |
of reasons why we haven't shifted to UDP transport</a>, but it would |
670 | 670 |
be great to see that list get shorter. We also have a proposed <a |
671 | 671 |
href="<gitblob>doc/spec/proposals/100-tor-spec-udp.txt">specification |
672 | 672 |