Opened 2 years ago

Last modified 23 months ago

#22363 new enhancement

Make our test network public

Reported by: dgoulet
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: test-network integration-testing needs-though
Cc: tom
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

It would be really great if we could have our test network public so people can join it to help and other projects could use its data openly.

However, by doing so right now, the network can basically become a "Tor 2" or have the issue that any tor from the current network could use the nodes in the test network without them being in the consensus. This is problematic since operators signing up for the test network should not be receiving legitimate traffic or having their Exit used for regular traffic, which is bad.

Here are some ideas we can play around with:

1) Make relays in the test network advertise that they are for "Testing" in their descriptor and then make the dirauth ignore that line for the real network consensus, which would make a normal tor ignore them. However, it doesn't protect against a modified tor that just ignores that line in the descriptor and ends up picking the nodes.

2) Provide a firewall script for the Exit node operator that blocks all outbound connections except maybe one localhost service that could be set up for testing the actual Exit circuit. This is also partial because of hidden services.

3) Make the test network *not* connect to unknown relays, but I'm not too sympathetic to this fix as it makes the test network behave differently from the real one.

4) Do NOT make the test network public and just scrub the data for IP/Port so we can put that data openly but the network stays private.

5) ... ?

Change History (3)

comment:1 Changed 2 years ago by tom

Cc: tom added

comment:2 Changed 23 months ago by teor

5) Define a shared secret for the test network, and make all initial authentication (signatures, handshakes) include that secret as additional key/hash material.

As a bonus, we could do the same thing when TestingTorNetwork is set, so that test networks don't accidentally connect with the real network.

I think this would cost much more than it's worth, but it *is* secure.

Although, maybe we would only need to modify the initial OR handshake?

  • CREATE_FAST, and
  • v0 - v4

(We could also modify relay descriptor signatures as a precaution, to prevent useless relays being dumped on the public network.)
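The shared-secret idea from comment:2, sketched as an added example that is not part of the ticket and is not Tor's code. It models the CREATE_FAST exchange (X and Y nonces, SHA-1 based KDF-TOR, KH confirmation) and assumes a hypothetical per-network secret appended to K0; `Relay`, `derive` and `client_handshake` are illustrative names.

```python
import hashlib
import hmac
import os

HASH_LEN = 20   # SHA-1 digest size used by the legacy KDF
KEY_BYTES = 72  # Df + Db (20 each) and Kf + Kb (16 each)

def kdf_tor(k0, n):
    """KDF-TOR expansion: H(K0|00) | H(K0|01) | ... truncated to n bytes."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha1(k0 + bytes([i])).digest()
        i += 1
    return out[:n]

def derive(x, y, net_secret=b""):
    """Return (KH, circuit key bytes); an empty secret models the public network."""
    k0 = x + y
    if net_secret:
        # Assumption: the secret is length-prefixed and appended to K0 = X|Y.
        k0 += len(net_secret).to_bytes(2, "big") + net_secret
    k = kdf_tor(k0, HASH_LEN + KEY_BYTES)
    return k[:HASH_LEN], k[HASH_LEN:]

class Relay:
    """Relay side: answers CREATE_FAST(X) with CREATED_FAST(Y, KH)."""
    def __init__(self, net_secret=b""):
        self.net_secret = net_secret
        self.keys = None

    def created_fast(self, x):
        y = os.urandom(HASH_LEN)
        kh, self.keys = derive(x, y, self.net_secret)
        return y, kh

def client_handshake(relay, net_secret=b""):
    """Run the exchange; return circuit keys, or None if KH does not verify."""
    x = os.urandom(HASH_LEN)
    y, kh = relay.created_fast(x)
    expected_kh, keys = derive(x, y, net_secret)
    if not hmac.compare_digest(kh, expected_kh):
        return None  # peer derived keys for a different network: drop circuit
    return keys

if __name__ == "__main__":
    secret = b"constructed-test-network-secret"  # constructed sample value
    print("test client, test relay:", client_handshake(Relay(secret), secret) is not None)
    print("public client, test relay:", client_handshake(Relay(secret)) is not None)
    print("test client, public relay:", client_handshake(Relay(), secret) is not None)
```

A mismatch in either direction fails at the KH check, so neither side ends up with usable circuit keys for a peer on the other network.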

comment:3 Changed 23 months ago by nickm

Keywords: integration-testing needs-though added