1 Filename: 152-single-hop-circuits.txt
2 Title: Optionally allow exit from single-hop circuits
6 Implemented-In: 0.2.1.6-alpha
10 Provide a special configuration option that adds a line to descriptors
11 indicating that a router can be used as an exit for one-hop circuits,
12 and allow clients to attach streams to one-hop circuits provided
13 that the descriptor for the router in the circuit includes this
18 At some point, code was added to restrict the attachment of streams
21 The idea seems to be that we can use the cost of forking and
22 maintaining a patch as a lever to prevent people from writing
23 controllers that jeopardize the operational security of routers
24 and the anonymity properties of the Tor network by creating and
25 using one-hop circuits rather than the standard three-hop circuits.
26 It may be, for example, that some users do not actually seek true
27 anonymity but simply reachability through network perspectives
28 afforded by the Tor network, and since anonymity is stronger in
29 numbers, forcing users to contribute to anonymity and decrease the
30 risk to server operators by using full-length paths may be reasonable.
32 As presently implemented, the sweeping restriction of one-hop circuits
33 for all routers limits the usefulness of Tor as a general-purpose
34 technology for building circuits. In particular, we should allow
35 for controllers, such as Blossom, that create and use single-hop
36 circuits involving routers that are not part of the Tor network.
40 Introduce a configuration option for Tor servers that, when set,
41 indicates that a router is willing to provide exit from one-hop
42 circuits. Routers with this policy will not require that a circuit
43 has at least two hops when it is used as an exit.
45 In addition, routers for which this configuration option
46 has been set will have a line in their descriptors, "opt
47 exit-from-single-hop-circuits". Clients will keep track of which
48 routers have this option and allow streams to be attached to
49 single-hop circuits that include such routers.
51 Security Considerations
53 This approach seems to eliminate the worry about operational router
54 security, since server operators will not set the configuraiton
55 option unless they are willing to take on such risk.
57 To reduce the impact on anonymity of the network resulting
58 from including such "risky" routers in regular Tor path
59 selection, clients may systematically exclude routers with "opt
60 exit-from-single-hop-circuits" when choosing random paths through