| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 | Filename: 152-single-hop-circuits.txtTitle: Optionally allow exit from single-hop circuits Version:Last-Modified:Author: Geoff GoodellCreated: 13-Jul-2008Status: ClosedOverview    Provide a special configuration option that adds a line to descriptors    indicating that a router can be used as an exit for one-hop circuits,    and allow clients to attach streams to one-hop circuits provided    that the descriptor for the router in the circuit includes this    configuration option.Motivation    At some point, code was added to restrict the attachment of streams    to one-hop circuits.    The idea seems to be that we can use the cost of forking and    maintaining a patch as a lever to prevent people from writing    controllers that jeopardize the operational security of routers    and the anonymity properties of the Tor network by creating and    using one-hop circuits rather than the standard three-hop circuits.    It may be, for example, that some users do not actually seek true    anonymity but simply reachability through network perspectives    afforded by the Tor network, and since anonymity is stronger in    numbers, forcing users to contribute to anonymity and decrease the    risk to server operators by using full-length paths may be reasonable.    As presently implemented, the sweeping restriction of one-hop circuits    for all routers limits the usefulness of Tor as a general-purpose    technology for building circuits.  In particular, we should allow    for controllers, such as Blossom, that create and use single-hop    circuits involving routers that are not part of the Tor network.Design    Introduce a configuration option for Tor servers that, when set,    indicates that a router is willing to provide exit from one-hop    circuits.  Routers with this policy will not require that a circuit    has at least two hops when it is used as an exit.    In addition, routers for which this configuration option    has been set will have a line in their descriptors, "opt    exit-from-single-hop-circuits".  Clients will keep track of which    routers have this option and allow streams to be attached to    single-hop circuits that include such routers.Security Considerations    This approach seems to eliminate the worry about operational router    security, since server operators will not set the configuraiton    option unless they are willing to take on such risk.    To reduce the impact on anonymity of the network resulting    from including such "risky" routers in regular Tor path    selection, clients may systematically exclude routers with "opt    exit-from-single-hop-circuits" when choosing random paths through    the Tor network.
 |