Re: TOR on Academic networks (problem)

On May 16, 2006, at 8:47 PM, Joseph Lorenzo Hall wrote:

> On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
>> The correct way is to put the IPs in a deny list in the config file.
>
> This is not an option... I estimated using Netcraft's SearchDNS and the regexes that Berkeley uses for their library proxy that this would be an exit policy *on the order of* 10,000 entries long.

10,000 IP addresses, or domain names? We only need to block the webservers.
btw, how does the library proxy handle this much? I think tor can do regex matching on the ip/hosts.

> As Roger has made clear elsewhere, the current directory protocol
> won't scale well with exit policies of this length (or really in
> general) and it would be better for the network for these nodes to
> operate a middleman node instead.  This is why a few of us on dorky
> academic networks are trying to find other solutions. best, Joe

I think the best thing is to use a nice tree for all directory lookups. Something tells me tor uses a slow linear search through the file if it's not scaling O(lg n).

> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information

Watson Ladd
---
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
