Delivery-Date: Mon, 05 Jan 2015 11:31:05 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A7EE21E033A
	for <archiver@seul.org>; Mon,  5 Jan 2015 11:31:03 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9A10731DED;
	Mon,  5 Jan 2015 16:30:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A6B8232B81
 for <tor-talk@lists.torproject.org>; Mon,  5 Jan 2015 16:30:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 6XGzZA4LTLIb for <tor-talk@lists.torproject.org>;
 Mon,  5 Jan 2015 16:30:55 +0000 (UTC)
Received: from mail.imirhil.fr (server.imirhil.fr [IPv6:2001:41d0:8:c425::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "imirhil.fr", Issuer "CAcert Class 3 Root" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 5DCA732B4D
 for <tor-talk@lists.torproject.org>; Mon,  5 Jan 2015 16:30:55 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.imirhil.fr (Postfix) with ESMTPSA id 699D0201F4;
 Mon,  5 Jan 2015 17:30:51 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=imirhil.fr; s=mail;
 t=1420475452; bh=FFI635EyLYYcV3F3k9pRGvhX7tFfFGWSwNMipFuAAPE=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=IFHhFrrU/1Y5DADqvHk2bFsghXtmvfp8d7H/F4WZ5p3rezgeFAjk24fTfyZu/EC5m
 7rsK2NU3kfQcTnXZXgasx8H3OnTvcdi4fm9pwxWtEcoJs8ZIwyYwHZO78ZIjWZGI+k
 HnJLDB99r8xeUp+3/YIcVHBucSpLjmisSxXFO6Bw=
From: Aeris <aeris+tor@imirhil.fr>
To: Hollow Quincy <hollow.quincy@gmail.com>
Date: Mon, 05 Jan 2015 17:30:42 +0100
Message-ID: <15113876.8Z7vT0AnRp@pc353>
In-Reply-To: <CAB=COR7iiKtvJhkBhar=hch287R0yDsDyW=vapBZJOZ+NqnfWg@mail.gmail.com>
References: <CAB=COR7iiKtvJhkBhar=hch287R0yDsDyW=vapBZJOZ+NqnfWg@mail.gmail.com>
MIME-Version: 1.0
Cc: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] TOR issues
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============5756336950779533348=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============5756336950779533348==
Content-Type: multipart/signed; boundary="nextPart5551168.lNKD9v6SZm"; micalg="pgp-sha512"; protocol="application/pgp-signature"


--nextPart5551168.lNKD9v6SZm
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Hi,

> 1) Who store the mapping Onion_URL to real IP ? How exit node know
> where to send request ?

Nobody store this mapping.
Your client encrypt for exit node, then middle node then guard node, an=
d send=20
the triple-encrypted packet to the guard node.
Then guard can decrypt, see the adress for the middle, send the double-=

encrypted packet to middle.
Middle can decrypt, see the adress of the exit, send the single encrypt=
ed=20
packet to exit.
Exit can decrypt, see the real request, do it, and send the reply on th=
e=20
already open channel to the client.

Nobody have to know more than previous and next hop IP adress to do thi=
s.

> 2) How to become Exit Node ?
> I understand that everyone can become normal node. If I become exit
> node even for some requests I can find mapping Onion_URL to real IP.
> Than IP of the page is not secret any more.

No, you only see IP from the middle nodes of incoming request.
Never the real client IP.

> 3) How the communication is encrypted between nodes ?
> RSA encryption is not resistant for Man In The Middle attack. (that's=

> why when I connect to new SSH server I need to add public key of the
> server to trusted list).
> When I use TOR my request goes to Node1 and than to Node2. How can I
> establish save connection with Node2, when Node1 is between us ?

RSA (assymetric encryption) is only use to exchange private data to do =
AES=20
(symmetric encryption) after that.
And RSA *is* resistant to man-in-the-middle attack, AES is not.
With RSA, you can identify strongly your mate.

> 4) Is there a single point of failure ?

Not really.

> There need to be one central place where all IPs of TOR nodes are
> stored, so when I run my TOR bundle I go to this place and read node
> list and send requests using it. So if this place is down (for exampl=
e
> because DDOS attract) new users will not be able to use TOR network.
> They will not find any TOR node.

There are Directory Authorities (10 actually) to store Tor node IP and =
public=20
key, and to calculate consensus for exit/guard probabilities.
Those servers are managed by differents people or organisations and it =
won=E2=80=99t be=20
so easy to take them down all in the same time.
Adding new directories is not difficult, but require Tor upgrade (curre=
ntly=20
hardcoded IP).

Regards,
=2D-=20
Aeris

Prot=C3=A9gez votre vie priv=C3=A9e, chiffrez vos communications
GPG : EFB74277 ECE4E222
OTR : 922C97CA EC0B1AD3
https://caf=C3=A9-vie-priv=C3=A9e.fr/
--nextPart5551168.lNKD9v6SZm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCgAGBQJUqrwyAAoJEO+3Qnfs5OIivaAQAIo6PhmHc7iu5kShXQeSHR/k
2pWlyDH+x3FpvnavIgXrbL2+k5pbfxAiN7BUhpziN6Rvlj+yYRHu6GHBf4eA7cS/
leIk3pfA/fKI7ghuGqcBrnQX9FZbMu6WpYUSGLW7lU6FSFnvDo5O3FbUPy9agPRB
xTAsNx0g3SDeW+8Y3nhAyBEftRO21+66yrKRb7uRvrDZFMLxX84dh7EoTAjUncFC
YEwweQixm1MGzdbxfulsx6Au+xVPjUe7gqpfr6FTf+tW/AAUgKsy84AauZGcDvYY
GDgSfp1ZSWwtcEvd/LLfIHe3p0PdTKwyQ9VDUvSQcf6v5clLSoinaS6cHM95z/jg
7XTnM0u2MySZislImIyGOQd3KSwkiK8OxPZzIc9gpbmxS7PvDpWY+363gjP6nQfH
5KfMUrVpxGvjGZ6X8R3F2kaGTiJTm2DIXnx9W8spq+btp8YOlrIrcfO+ANz2J2/4
SgrdOryE3ZAG2L1DD0HV8xNRkeMpaA892ROa/FUzdtJ3itdoFBi3GTNm7H/pjYKH
KxH81AWSiACrhHRbGMCG+KIukCfznZnKmMnsflTI4JWZLqrsjNNnniGPEeYBnngQ
RYehRKOcRxZHtvQ0L+KAgGT48tdjdPFo482C+HxwbBRn81hB1ij/ZIqSrklz3XEn
Z7YYykcyK53ROc/GhuvO
=v9QH
-----END PGP SIGNATURE-----

--nextPart5551168.lNKD9v6SZm--


--===============5756336950779533348==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============5756336950779533348==--

