Delivery-Date: Mon, 17 Nov 2014 13:41:56 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id AB1FF1E0CB0;
	Mon, 17 Nov 2014 13:41:54 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id BA4D220F6A;
	Mon, 17 Nov 2014 18:41:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 5386F20F6A
 for <tor-talk@lists.torproject.org>; Mon, 17 Nov 2014 18:41:46 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 1OjlQ5711qds for <tor-talk@lists.torproject.org>;
 Mon, 17 Nov 2014 18:41:46 +0000 (UTC)
Received: from mail2.openmailbox.org (mail2.openmailbox.org [62.4.1.33])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 0A1B0207AE
 for <tor-talk@lists.torproject.org>; Mon, 17 Nov 2014 18:41:45 +0000 (UTC)
X-Greylist: delayed 376 seconds by postgrey-1.34 at eugeni;
 Mon, 17 Nov 2014 18:41:46 UTC
Received: from localhost (localhost [127.0.0.1])
 by mail2.openmailbox.org (Postfix) with ESMTP id D9029202047;
 Mon, 17 Nov 2014 19:35:26 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org;
 h=content-type:content-type:in-reply-to:references:subject
 :subject:mime-version:from:from:date:date:message-id:received;
 s=openmailbox; t=1416249320; bh=hPPYYBRTLLPzcDxu3X1g76Cs4+TGErd
 4FmK1AfBbrdc=; b=ou6q6x2mmXj2gZxgED+SehsGVK5dxCF58As4NLLpQubjJVc
 FGnAlfAXI+BjvCzkKEaxACHG+bCZbr0wfeWynTwJ6QGs5krxtVQIufGv3t7Gq5qX
 a2H2R3x2d62QqsIf4fkx5M4S9CzoXV7ImUNVP7/ZgQsqgDhtTE1Ky2SR5Roc=
X-Virus-Scanned: at openmailbox.org
Received: from mail2.openmailbox.org ([62.4.1.33])
 by localhost (mail.openmailbox.org [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id ZKSmqMdjiYwg; Mon, 17 Nov 2014 19:35:20 +0100 (CET)
Message-ID: <546A3FDC.1020909@openmailbox.org>
Date: Mon, 17 Nov 2014 18:35:08 +0000
From: Rusty Bird <rustybird@openmailbox.org>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
In-Reply-To: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
Subject: Re: [tor-talk] Tor router requirements / best practices [was: Cloak
 Tor Router]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1674919508243304637=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1674919508243304637==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="wx69BqAPhssfFnu7mSkL0oXt5IM4N7Oib"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--wx69BqAPhssfFnu7mSkL0oXt5IM4N7Oib
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

coderman wrote:

> - The best design we've been able to come up with is one that forces yo=
u
> to be using Tor on your side, and only allows your traffic through if i=
t's
> coming from Tor.

corridor has such a design:
https://github.com/rustybird/corridor

I'd love to turn it into a bona fide WiFi hotspot:
https://github.com/rustybird/corridor#todo

> Making it use a proxy, or maybe even better a Tor bridge,
> that's running on the router seems a fine way to do this limiting.

Doesn't bridge connection setup (on the client side) complicate things
too much, especially for people unfamiliar with Tor?

More importantly, a bridge would usurp the position of any circuit's
first hop. Though there's a trac ticket somewhere about plans to make
bridges the zeroth node before the other three.

> And we
> could also imagine running a captive portal website on the router that
> intercepts outgoing port 80 requests and teaches you what you need to
> do to use this network connection safely. Perhaps it has a local copy
> of Tor Browser for you (but how does the user know it's the real Tor
> Browser?), or perhaps it lets you reach https://www.torproject.org/
> so you can fetch it yourself.

Yup, see the todo.

I really hope to be able to work on this in the next months. If not,
maybe you can find some use in the corridor repo.

Rusty Bird


--wx69BqAPhssfFnu7mSkL0oXt5IM4N7Oib
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUaj/jAAoJEEadePR6ryrfg4MQAItttpULdDT3yeG9wfFZxN6c
T4vRco1DAz9vr0RhTGVkQ036gOflJRU3IVVfGPvU20kaTjFZr8T84JiEZDP/T1Ui
g1tts/X94N2ggF2FJaK54wt5KBB7YByMV0vFwdSrPTetAnQ+7IGn7GQCIUMRnX9a
Srq0pYZRN22o9z9MVeluN4frw1zIwDuENIQkgxYp68eav35tKSWRO3xsrTRtBFa+
i14aRZFy+EBOFHTPHCF3wRNB544+6sWK6RO5mlmNGc1/5ofTIfet5HUB3+b5+6x3
Cw+kzMvVRkpin19Yk4zsqXXwvIqB2VX4ZasUlryy2qtlhNVbviB5+x8aZRNHnP3x
EhUju8SozBfpeAEOQ35XMmxBsoyqtJk0zTG9Mea2m8Tvu+ahaLvtF9n0GsYWWjRj
7Z2zqKsUuPgQTv7QosDFdotqS+U4tBGbeQ8bspPUe6Hzr7h3fsT5SkjDZnESdKQ0
IwQ/MpJsU5O4XJSn0uPsyf4CQFichhFtRKvPJlGVIyUjYcIkR8aEu0Il8cUot299
zrQZHwx+8en4ACDNoQVIu9oRW9N/EFYKqxCvcUw822eGiAr6w/PXrx/roeNzA5rx
4w7zXidwQmPL3M+FUooTqrQofBr/mxXl+z/bBH3isZ353iPuOnbvz7F4YOWCJ0uO
9kdMpikBhdAwAy4g2CkP
=1g88
-----END PGP SIGNATURE-----

--wx69BqAPhssfFnu7mSkL0oXt5IM4N7Oib--

--===============1674919508243304637==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============1674919508243304637==--

