Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-18 Thread Georg Koppen
Philipp Winter: [snip] > 2. Design > > 2.1 Overview > >A simple analogy helps in explaining the concept behind exit relay >pinning: HTTP Public Key Pinning (HPKP) allows web servers to express >that browsers should pin certificates for a given time interval. >Similarly, exit

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-16 Thread s7r
teor wrote: > >> On 7 Oct 2016, at 00:22, s7r wrote: >> >> I don't care about location anonymity because my >> website is clearnet public anyway and I want my website to handle many >> Tor users, just setup a bridge Tor instance on localhost (127.0.0.1) not >> published to the

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-15 Thread teor
> On 7 Oct 2016, at 00:22, s7r wrote: > > I don't care about location anonymity because my > website is clearnet public anyway and I want my website to handle many > Tor users, just setup a bridge Tor instance on localhost (127.0.0.1) not > published to the bridge authority,

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-15 Thread Roger Dingledine
On Sat, Oct 15, 2016 at 07:02:19PM -0400, Aaron Johnson wrote: > A concern with this proposal that I have not seen mentioned is that exit >pinning would cause the Tor path itself to leak more information about >the intended destination. For example, a destination could (possibly >without malicious

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-15 Thread Aaron Johnson
A concern with this proposal that I have not seen mentioned is that exit pinning would cause the Tor path itself to leak more information about the intended destination. For example, a destination could (possibly without malicious intent) pin a single exit that is otherwise unlikely to be used.

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-11 Thread Henry de Valence
Hi, On Wed, Oct 05, 2016 at 04:09:15PM -0400, Philipp Winter wrote: > 0. Overview > >To mitigate the harm caused by malicious exit relays, this proposal >presents a novel scheme -- exit relay pinning -- to allow web sites >to express that Tor connections should preferably originate

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-07 Thread Nick Mathewson
On Wed, Oct 5, 2016 at 4:09 PM, Philipp Winter wrote: > The proposal is in draft state. We have several open questions that we > are still wrestling with in Section 2.6. Any feedback is greatly > appreciated. You can track the evolution of our proposal online: >

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread Michael Rogers
On 05/10/16 21:09, Philipp Winter wrote: >Web servers support ERP by advertising it in the "Tor-Exit-Pins" HTTP >header. The header contains two directives, "url" and "max-age": > > Tor-Exit-Pins: url="https://example.com/pins.txt;; max-age=2678400 > >The "url" directive points

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread s7r
Won't comment on the entire content because I have one big comment which refers to the entire proposal or better say the concept of the proposal. I would reject this proposal's concept, because we have o excuse to over-engineer and complicate things in this manner. This is just too complicated

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread Jeremy Rand
Philipp Winter: > The proposal is in draft state. We have several open questions that we > are still wrestling with in Section 2.6. Any feedback is greatly > appreciated. You can track the evolution of our proposal online: > Hi Philipp, It

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread Tom Ritter
I think directing users to an onion service would be significantly simpler and better in several regards. Aside from the 'onion severs can't get DV SSL certs' problem are there others Yawning or I have not mentioned? As far as the proposal goes itself, I agree with Roger that the problem of user

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-06 Thread grarpamp
On Wed, Oct 5, 2016 at 4:09 PM, Philipp Winter wrote: > Also, Tor Browser MUST abort the ERP procedure if the HTTPS > certificate is not signed by a trusted authority. This is a problem for independant sites that choose not to pay the CA cabal, deal with what free CA will be

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-05 Thread Roger Dingledine
On Wed, Oct 05, 2016 at 04:09:15PM -0400, Philipp Winter wrote: > Filename: 273-exit-relay-pinning.txt > Title: Exit relay pinning for web services Good topic! I'm glad people are still working on this one. >Web servers support ERP by advertising it in the "Tor-Exit-Pins" HTTP >header.

Re: [tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-05 Thread Yawning Angel
On Wed, 5 Oct 2016 16:09:15 -0400 Philipp Winter wrote: > The proposal is in draft state. We have several open questions that > we are still wrestling with in Section 2.6. Any feedback is greatly > appreciated. You can track the evolution of our proposal online: >

[tor-dev] Proposal 273: Exit relay pinning for web services

2016-10-05 Thread Philipp Winter
The proposal is in draft state. We have several open questions that we are still wrestling with in Section 2.6. Any feedback is greatly appreciated. You can track the evolution of our proposal online: --- Filename: 273-exit-relay-pinning.txt