[tahoe-lafs-trac-stream] [Tahoe-LAFS] #517: make tahoe Tor- and I2P-friendly

Tahoe-LAFS trac at tahoe-lafs.org
Tue Mar 29 16:08:35 UTC 2016


#517: make tahoe Tor- and I2P-friendly
-------------------------+-------------------------------------------------
     Reporter:  warner   |      Owner:  warner
         Type:           |     Status:  new
  enhancement            |
     Priority:  minor    |  Milestone:  1.12.0
    Component:  code-    |    Version:  1.2.0
  network                |   Keywords:  privacy anonymity anti-censorship
   Resolution:           |  i2p tor-protocol usability
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by leif):

 Replying to [comment:70 dawuud]:
 >
 > Latest branches at:
 >
 > - https://github.com/david415/tahoe-lafs/tree/517.add-client-plugin-config.2
 > - https://github.com/david415/foolscap/tree/tor-client-plugin.3
 >
 > Code review needed.

 Cool, glad to see this is progressing!

 The design as implemented above allows for some flexibility but not enough
 in my opinion.

 It does allow multiple proxies named `foo` and `bar` to be configured by
 implicitly defining new connection hint types `foo` and `bar` with
 `{foo,bar}.socks_{host,port}` in Tahoe's `connections` configuration
 section; those types could then be used from locally-specified connection
 hints via the #467 introless branch, or could even be used in
 announcements if there is coordination between servers and clients as to
 what the names of the proxies are.

 But what is unfortunately not yet possible (except perhaps with the hacky
 solution below) is the use case I keep coming back to: I want to connect
 to announced servers over tor by default (which, in the most recent branch
 means setting `tcp.socks_{host,port}`) but I want to use the introless
 config in #467 to specify somehow that I want to connect to certain
 servers directly (perhaps because they are on my LAN or a VPN).

 There is a hacky way that this could technically be possible using
 dawuud's latest branches: I could run a local socks server to facilitate
 non-Tor connections.  But, I'd have to give it some name, and if the
 introducer (or any server connecting to the introducer) guessed the name
 they could send me connection hints using that name (which would cause me
 to make non-tor connections to them).

 I still like my connection-hint-rewriting plan I described in [comment:64
 a previous comment], which would allow Tahoe to not have any knowledge of
 various foolscap plugins (in its code - it would in its config). Perhaps
 there is a better solution, but it seems to me that blindly passing
 connection hints from announcements into foolscap is at odds with my
 desire to both (a) default to tor (read: not let malicious servers cause
 me to make non-tor connections) and (b) have the ability to make non-tor
 connections to servers of my choosing.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/517#comment:71>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
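
The trust problem described in the comment above, as an added illustration that is not code from Tahoe-LAFS, foolscap, or either branch: when hints are routed by type name alone, an announced hint that guesses the name of a local non-Tor proxy gets a direct connection, while a policy that also looks at where the hint came from does not. The names `lan`, `naive_route`, `source_aware_route` and the handler table are assumptions made for this sketch, and it is not the plan from comment:64, whose details are not on this page.

```python
# Added illustration; every name here is hypothetical, not a Tahoe-LAFS or foolscap API.
ANNOUNCED, LOCAL = "announced", "local"

# Constructed handler table: each hint type maps to how the connection is made.
# "lan" stands for the hacky locally run SOCKS proxy used for non-Tor connections.
HANDLERS = {"tcp": "tor-socks", "tor": "tor-socks", "lan": "direct"}


def hint_type(hint):
    """Return the type prefix of a foolscap-style hint such as 'tcp:host:port'."""
    return hint.split(":", 1)[0]


def naive_route(hint, source):
    """Route by hint type only, ignoring whether the hint was announced or local."""
    return HANDLERS.get(hint_type(hint))


def source_aware_route(hint, source, local_only=frozenset({"lan"})):
    """Allow a non-Tor handler only for hints the user configured locally.

    Unknown types, and announced hints using a locally reserved type, return None.
    """
    kind = hint_type(hint)
    if kind not in HANDLERS:
        return None
    if kind in local_only and source != LOCAL:
        return None
    return HANDLERS[kind]


def non_tor_leaks(route, hints):
    """List announced hints that the given routing function would connect to directly."""
    return [h for h, src in hints if src == ANNOUNCED and route(h, src) == "direct"]


# Constructed sample input: one hint from local config, two from announcements.
SAMPLE_HINTS = [
    ("lan:192.168.1.20:3457", LOCAL),
    ("tcp:storage.example.net:3457", ANNOUNCED),
    ("lan:203.0.113.9:3457", ANNOUNCED),  # announcer guessed the proxy name
]

if __name__ == "__main__":
    print("naive leaks:       ", non_tor_leaks(naive_route, SAMPLE_HINTS))
    print("source-aware leaks:", non_tor_leaks(source_aware_route, SAMPLE_HINTS))
```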

