add proposal 152

svn:r15903

doc/spec/proposals/000-index.txt

@@ -74,6 +74,7 @@ Proposals by number:
 149  Using data from NETINFO cells [OPEN]
 150  Exclude Exit Nodes from a circuit [ACCEPTED]
 151  Improving Tor Path Selection [DRAFT]
+152  Optionally allow exit from single-hop circuits  [DRAFT]
 
 
 Proposals by status:
@@ -85,6 +86,7 @@ Proposals by status:
    141  Download server descriptors on demand
    144  Increase the diversity of circuits by detecting nodes belonging the
    151  Improving Tor Path Selection
+   152  Optionally allow exit from single-hop circuits 
  OPEN:
    121  Hidden Service Authentication
    142  Combine Introduction and Rendezvous Points

doc/spec/proposals/152-single-hop-circuits.txt

@@ -0,0 +1,63 @@
+Filename: 152-single-hop-circuits.txt
+Title: Optionally allow exit from single-hop circuits 
+Version:
+Last-Modified:
+Author: Geoff Goodell
+Created: 13-Jul-2008
+Status: Draft
+
+Overview
+
+    Provide a special configuration option that adds a line to descriptors
+    indicating that a router can be used as an exit for one-hop circuits,
+    and allow clients to attach streams to one-hop circuits provided
+    that the descriptor for the router in the circuit includes this
+    configuration option.
+
+Motivation
+
+    At some point, code was added to restrict the attachment of streams
+    to one-hop circuits.
+
+    The idea seems to be that we can use the cost of forking and
+    maintaining a patch as a lever to prevent people from writing
+    controllers that jeopardize the operational security of routers
+    and the anonymity properties of the Tor network by creating and
+    using one-hop circuits rather than the standard three-hop circuits.
+    It may be, for example, that some users do not actually seek true
+    anonymity but simply reachability through network perspectives
+    afforded by the Tor network, and since anonymity is stronger in
+    numbers, forcing users to contribute to anonymity and decrease the
+    risk to server operators by using full-length paths may be reasonable.
+
+    As presently implemented, the sweeping restriction of one-hop circuits
+    for all routers limits the usefulness of Tor as a general-purpose
+    technology for building circuits.  In particular, we should allow
+    for controllers, such as Blossom, that create and use single-hop
+    circuits involving routers that are not part of the Tor network.
+
+Design
+
+    Introduce a configuration option for Tor servers that, when set,
+    indicates that a router is willing to provide exit from one-hop
+    circuits.  Routers with this policy will not require that a circuit
+    has at least two hops when it is used as an exit.
+
+    In addition, routers for which this configuration option
+    has been set will have a line in their descriptors, "opt
+    exit-from-single-hop-circuits".  Clients will keep track of which
+    routers have this option and allow streams to be attached to
+    single-hop circuits that include such routers.
+
+Security Considerations
+
+    This approach seems to eliminate the worry about operational router
+    security, since server operators will not set the configuraiton
+    option unless they are willing to take on such risk.
+
+    To reduce the impact on anonymity of the network resulting
+    from including such "risky" routers in regular Tor path
+    selection, clients may systematically exclude routers with "opt
+    exit-from-single-hop-circuits" when choosing random paths through
+    the Tor network.
+