Message-ID: <54CC201B.30608@gmail.com>
Date: Fri, 30 Jan 2015 17:21:47 -0700
From: Gavin Wahl <gavinwahl@gmail.com>
To: tor-talk@lists.torproject.org
In-Reply-To: <52FF1FBF.4040202@riseup.net>
Subject: Re: [tor-talk] corridor, a Tor traffic whitelisting gateway

> I think the topic Bridge Firewall is also related here:
>
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall
>
> (The topic didn't move there yet, but it's all very similar ideas
> we're discussing here.)

Isn't corridor exactly what that article is describing? It seems like
it's also vulnerable to the 'Severe issue' in the article -- a
compromised Tor host behind corridor can get its public IP address with
the 'getinfo address' Tor control protocol command and deanonymize.

Whonix includes this in its threat model -- you should be able to run
arbitrary/compromised code behind the Tor gateway and be safe. Can
corridor do anything about it?


