Главная Обзор Помощь
Вход
piros
/
tor
3
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: df9d42cef5
Ветки Метки
tor
/
doc
/
spec
/
proposals
/
148-uniform-client-end-reason.txt

148-uniform-client-end-reason.txt 2.4 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. Filename: 148-uniform-client-end-reason.txt
    2. 

  2. Title: Stream end reasons from the client side should be uniform
    3. 

  3. Author: Roger Dingledine
    4. 

  4. Created: 2-Jul-2008
    5. 

  5. Status: Closed
    6. 

  6. Implemented-In: 0.2.1.9-alpha
    7. 

  7. 

  8. Overview
    9. 

  9. 

  10.   When a stream closes before it's finished, the end relay cell that's
    11. 

  11.   sent includes an "end stream reason" to tell the other end why it
    12. 

  12.   closed. It's useful for the exit relay to send a reason to the client,
    13. 

  13.   so the client can choose a different circuit, inform the user, etc. But
    14. 

  14.   there's no reason to include it from the client to the exit relay,
    15. 

  15.   and in some cases it can even harm anonymity.
    16. 

  16. 

  17.   We should pick a single reason for the client-to-exit-relay direction
    18. 

  18.   and always just send that.
    19. 

  19. 

  20. Motivation
    21. 

  21. 

  22.   Back when I first deployed the Tor network, it was useful to have
    23. 

  23.   the Tor relays learn why a stream closed, so I could debug both ends
    24. 

  24.   of the stream at once. Now that streams have worked for many years,
    25. 

  25.   there's no need to continue telling the exit relay whether the client
    26. 

  26.   gave up on a stream because of "timeout" or "misc" or what.
    27. 

  27. 

  28.   Then in Tor 0.2.0.28-rc, I fixed this bug:
    29. 

  29.     - Fix a bug where, when we were choosing the 'end stream reason' to
    30. 

  30.       put in our relay end cell that we send to the exit relay, Tor
    31. 

  31.       clients on Windows were sometimes sending the wrong 'reason'. The
    32. 

  32.       anonymity problem is that exit relays may be able to guess whether
    33. 

  33.       the client is running Windows, thus helping partition the anonymity
    34. 

  34.       set. Down the road we should stop sending reasons to exit relays,
    35. 

  35.       or otherwise prevent future versions of this bug.
    36. 

  36. 

  37.   It turned out that non-Windows clients were choosing their reason
    38. 

  38.   correctly, whereas Windows clients were potentially looking at errno
    39. 

  39.   wrong and so always choosing 'misc'.
    40. 

  40. 

  41.   I fixed that particular bug, but I think we should prevent future
    42. 

  42.   versions of the bug too.
    43. 

  43. 

  44.   (We already fixed it so *circuit* end reasons don't get sent from
    45. 

  45.   the client to the exit relay. But we appear to be have skipped over
    46. 

  46.   stream end reasons thus far.)
    47. 

  47. 

  48. Design:
    49. 

  49. 

  50.   One option would be to no longer include any 'reason' field in end
    51. 

  51.   relay cells. But that would introduce a partitioning attack ("users
    52. 

  52.   running the old version" vs "users running the new version").
    53. 

  53. 

  54.   Instead I suggest that clients all switch to sending the "misc" reason,
    55. 

  55.   like most of the Windows clients currently do and like the non-Windows
    56. 

  56.   clients already do sometimes.
    57. 

  57.