Delivery-Date: Tue, 18 Nov 2014 11:36:07 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 296DD1E0526;
	Tue, 18 Nov 2014 11:36:06 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E749D31D3F;
	Tue, 18 Nov 2014 16:35:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 99E0731C6A
 for <tor-talk@lists.torproject.org>; Tue, 18 Nov 2014 16:35:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WxtnEkF4ZaE8 for <tor-talk@lists.torproject.org>;
 Tue, 18 Nov 2014 16:35:56 +0000 (UTC)
Received: from mail-wg0-x22c.google.com (mail-wg0-x22c.google.com
 [IPv6:2a00:1450:400c:c00::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 2891231D36
 for <tor-talk@lists.torproject.org>; Tue, 18 Nov 2014 16:35:56 +0000 (UTC)
Received: by mail-wg0-f44.google.com with SMTP id b13so1739639wgh.31
 for <tor-talk@lists.torproject.org>; Tue, 18 Nov 2014 08:35:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type;
 bh=/O9rOOQywxfOX8nX02Lb03c1Mzv7ggTHoA/ixWDSB08=;
 b=0+pS3KUEzEqLBsvVDyJ/p+pG1Av82yVeqyLUC+V99AFDC3Jz3BuXFjeJtLsTsyXpp3
 lQCXZMA/ZczI6eK5vRqJlc0dCrHhAjVqyrkLrQcoFZZ7zC8qT/WltxfAkE2GtGes46PW
 N1K7sJSaFUmTlupKVkMZmhTrOaHgSlRhQdT0FcBx+/ntsM9SC1GNc0O0W4HrGjm4AkS+
 ZkjKowRA79G/8UlQkJP7I7G2fRbrv1TguTGQ5PZ7a9QRoRwdUIIdpHpobhpjPoI0wcyf
 3agEDfvx9pw+ozNHCZUW5be53RvdCqJKPIq4mux6GM4qE5JmeqpJNTVAeUEmZleHG7/0
 +7Kg==
X-Received: by 10.194.58.205 with SMTP id t13mr6251480wjq.55.1416328546728;
 Tue, 18 Nov 2014 08:35:46 -0800 (PST)
Received: from [192.168.1.11] (ANice-652-1-360-76.w83-201.abo.wanadoo.fr.
 [83.201.91.76])
 by mx.google.com with ESMTPSA id p3sm56448280wjf.49.2014.11.18.08.35.45
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 18 Nov 2014 08:35:45 -0800 (PST)
Message-ID: <546B7569.3070803@gmail.com>
Date: Tue, 18 Nov 2014 17:35:53 +0100
From: Aymeric Vitte <vitteaymeric@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
 <546A3FDC.1020909@openmailbox.org>
In-Reply-To: <546A3FDC.1020909@openmailbox.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Tor router requirements / best practices [was: Cloak
 Tor Router]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

I am not sure we are talking about the same thing, or at least we see it =

differently, I don't see very well what would be the use of a box acting =

as a bridge, it would mean that the OP is inside your device while the =

box is supposed to anonymize (as far as it can) or block the traffic =

from any devices on the local network.

I don't see very well what would do the captive portal too (why port 80 =

only?)

Mike wrote:

"...to design a secure pairing system between Tor Browser and a Tor =

router ..."

"In this mode, the Tor router could actually act as a defense-in-depth =

mechanism that would block all non-proxied traffic, providing additional =

protection against browser or other remote exploits, by only allowing =

properly Tor-configured application traffic to exit onto the Tor network."

OK for browsing, but then you would block all the traffic for apps or =

devices that you can not proxy.

As I see it the interest of such a box is to centralize the traffic of =

whatever connected object you have and decide if it should be blocked or =

routed through Tor or not.

I don't see an ideal design but I think the box could have as simple =

interface where for any connected device the user can choose:

block (default yes)

if not blocked:

ssl : block/Tor/not Tor - default Tor

non ssl: block/Tor/not Tor - default not Tor

With the pairing system mentioned above where the user would use the FF =

Tor browser if available on the device with the proxy automatically set =

to the box and where the box would let go through Tor the traffic that =

is proxied to it independantly of the above rules except if the device =

is blocked.

Still the user would have to do some configuration but that does not =

look complicate.

This assumes that you trust your local network.


Le 17/11/2014 19:35, Rusty Bird a =E9crit :
> coderman wrote:
>
>> - The best design we've been able to come up with is one that forces you
>> to be using Tor on your side, and only allows your traffic through if it=
's
>> coming from Tor.
> corridor has such a design:
> https://github.com/rustybird/corridor
>
> I'd love to turn it into a bona fide WiFi hotspot:
> https://github.com/rustybird/corridor#todo
>
>> Making it use a proxy, or maybe even better a Tor bridge,
>> that's running on the router seems a fine way to do this limiting.
> Doesn't bridge connection setup (on the client side) complicate things
> too much, especially for people unfamiliar with Tor?
>
> More importantly, a bridge would usurp the position of any circuit's
> first hop. Though there's a trac ticket somewhere about plans to make
> bridges the zeroth node before the other three.
>
>> And we
>> could also imagine running a captive portal website on the router that
>> intercepts outgoing port 80 requests and teaches you what you need to
>> do to use this network connection safely. Perhaps it has a local copy
>> of Tor Browser for you (but how does the user know it's the real Tor
>> Browser?), or perhaps it lets you reach https://www.torproject.org/
>> so you can fetch it yourself.
> Yup, see the todo.
>
> I really hope to be able to work on this in the next months. If not,
> maybe you can find some use in the corridor repo.
>
> Rusty Bird
>
>
>

-- =

Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

