On Wed, Jun 21, 2006 at 01:14:52PM -0400, Todd Vierling wrote:
On 6/20/06, Lionel Elie Mamane <lionel@mamane.lu> wrote:
You don't do your financial transactions over HTTPS? If you do, by the very design of SSL, the tor exit node cannot add any HTTP header. That would be a man-in-the-middle attack on SSL.
Which, for an anonymizing network, could be a deliberate situation.
The user then loses end-to-end encryption with the final server he want to connect to.
Depends on your definition of "end-to-end" -- if one "end" is "an agent on the user's computer", it still fits. But I think you misunderstand the reason for a filtering proxy in the context of anonymizing networks; read on:
So suddenly this daemon needs an UI on every single user on the desktop of the user.
Here's where your misunderstanding is evident. The filtering proxy is not at the Tor exit node; it's at the *entry*.
If the proxy is not at the Tor exit node, how can the tor network enforce the addition of the "this connection went through tor" HTTP header that Kevin Day was asking for? Fundamentally, if you rely on a program sitting on the user's computer adding that header, then malevolent users can not add this header, so Kevin Day's purpose is not served. And that is what is being discussed here.
Let's suppose the tor exit node does this https-man-in-the-middle dance. It is not desirable for all connections, so you need some way for the user to say per connection what whether it should happen or not. SOCKS doesn't have such a thing in its protocol, so...
With SOCKS, automated filter control based on IP address (and hostname, if using SOCKS4a or SOCKS5 with DOMAINNAME address type) is trivial.
What I was trying to say was: The SOCKS protocol has no mechanism for the SOCKS proxy to tell the SOCKS client "before I establish that connection, please ask the user that question and report the answer back to me". -- Lionel