Comment (by arma):
I continue to think that teaching exit relays to avoid allowing exit connections to known relays (IP:ORPort) is a good and useful step.
We keep running across messy situations where letting somebody connect to a relay from an exit relay's IP address turns into a security surprise.
Does that mean that exits will no longer be able to run tor clients (i.e. to run apt updates via tor)?
On Wed, Jan 31, 2018 at 11:41:00AM +0000, nusenu wrote:
> Comment (by arma):
> I continue to think that teaching exit relays to avoid allowing exit connections to known relays (IP:ORPort) is a good and useful step.
> We keep running across messy situations where letting somebody connect to a relay from an exit relay's IP address turns into a security surprise.
> Does that mean that exits will no longer be able to run tor clients (i.e. to run apt updates via tor)?
No, they are unrelated. The things you describe would be connections made by the Tor client, and the things I describe would be connections made by building a circuit to the exit and sending a begin cell.
(Also, if you want to reply to a trac ticket comment, the strategy of responding on the tor-relays list is a very odd approach. :)
--Roger
Roger Dingledine:
> On Wed, Jan 31, 2018 at 11:41:00AM +0000, nusenu wrote:
>> Comment (by arma):
>> I continue to think that teaching exit relays to avoid allowing exit connections to known relays (IP:ORPort) is a good and useful step.
>> We keep running across messy situations where letting somebody connect to a relay from an exit relay's IP address turns into a security surprise.
>> Does that mean that exits will no longer be able to run tor clients (i.e. to run apt updates via tor)?
> No, they are unrelated.
Great, thanks for the fast reply.
> (Also, if you want to reply to a trac ticket comment, the strategy of responding on the tor-relays list is a very odd approach. :)
If the answer was yes - that would be relevant to this list.
I'm looking forward to the day where you can reply to tickets via email :)