Opened 12 years ago

Last modified 5 years ago

#800 closed enhancement (wontfix)

Add the ability to operate as an exit enclave exclusively — at Version 3

Reported by: micah
Owned by:
Priority: Low
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: 0.2.1.4-alpha
Severity:
Keywords: needs-proposal tor-relay
Cc: micah, nickm, intrigeri@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by nickm)

I would like to set up exit enclaves for all of the public-facing services that I manage. However, I would like
these exit enclaves to just be exit enclaves, and not be routing other tor traffic through them as an intermediary.

I want to contribute to the tor network by routing tor network traffic, providing a bridge and an exit node, but I prefer
to separate these logically and topologically in our network and not bundle them together. This is especially true
because I've got multiple services in the same rack that are all configured identically that I would like each to
exit enclave for their services that they provide to the public, but not each individually be routing tor traffic as
intermediaries.

I would like to route tor traffic for others, but on a different box (and on a different network in some cases), but
not when I am exit enclaving.

[Automatically added by flyspray2trac: Operating System: All]

Change History (3)

comment:1 Changed 12 years ago by micah

I should mention that I've configured my exit enclave in this manner:

http://wiki.noreply.org/noreply/TheOnionRouter/ExitEnclave

comment:2 Changed 12 years ago by arma

This is a good idea, but hard to do right. Needs a proposal.

I'm going to add a note about it to the development roadmap. My current
thought is that what you want is a "secure service" -- the same thing as
a Tor "hidden service" except you only use one-hop routing on your side.

So clients would access your service by the hash of its public key, something
like http://duskgytldkxiuqc6.exit/, and it would go to your exit enclave.

The trouble with having it automatically "intercept" requests to normal domain
names like http://indymedia.org/ is that the client doesn't know to ask you
whether you're the right place to exit from. And even if it did ask you, why
should it believe you?

comment:3 Changed 10 years ago by nickm

Description: modified (diff)
Milestone: post 0.2.1.x → Tor: unspecified

Still needs a design and a proposal. Moving to the "unspecified" benchmark.
