[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Opt-Out Lists: Useful Feature?



> Another down side is that we'd need some way to keep people from
> opting out *other* sites -- effectively DoSing them. Plus, as you say,

yes, i was afraid you wouldn't like it.  good points, though.

> Also, it's not clear how services would realize that Tor is doing the
> connections. How does this work for bugmenot?

i understand it's very primitive.  if you don't like them, you tell
them and they'll blacklist you manually.

> You're right, nodes with liberal exit policies ("liberal" meaning allowing
> port 80, which carries pretty much every protocol these days) are going
> to keep having problems until we figure out a more fine-grained solution
> for this. Hm.

i don't think there is one, unless you want to start analysing traffic
using poor heuristics (which i suspect some of the networks my dsl
traffic is routed through are already doing).  the clean solution is
to stop treating IP addresses as identities, and to start using other
means of authorization if your host gets hurt.  as long as this
doesn't happen, things will remain in the current mess.

that's why i liked the (optional) centralized policy repository idea.
perhaps whitelists of "competent" sites would be more useful.  those
on the list can be trusted not to cause any troubles, allowing for a
new class of tor operators "exit point that doesn't bite you" between
"exit point that does" and "no exit point".  but again, there are no
guarantees, and/or maintaing that list will be a mountain of work.
i'm not so convinced of my idea any more.

matthias



(off topic / speaking of non-ideomatic language: there is another
german meaning of "Tor" besides "gate", which used to be more
fashionable a few hundred years ago, but it is still understood.  "Der
Tor" is a noun and translates to something between "confused one" and
"imbecile".  probably doesn't work in the context of onion routing,
though.  three letter words have really deep and complex ethymologies
once you check more than one language.  :-)

Attachment: signature.asc
Description: Digital signature