[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Protecting exit-nodes by GeoIP based policy
- To: numE <or-talk@xxxxxxxxxxxxx>
- Subject: Re: Protecting exit-nodes by GeoIP based policy
- From: Arrakistor <arrakistor@xxxxxxxxx>
- Date: Sun, 10 Sep 2006 17:21:58 -0500
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivery-date: Sun, 10 Sep 2006 18:19:58 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:organization:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding; b=jIImXa5UCswz8nAx+y1Zv6D6bhVrnxwVijWT1e0zdROodDZeLMTg9MiYvfvjgRDpTjN8ePrMNGVEHmWNyzR8R3Xpzp+YdPZUAuoqDlP9VKKkRnZ0SprkkZM/MNm9OMnGGfyuPFkctnzgGMm8DCEF7EpacBYSBL6++IL911jrrN8=
- In-reply-to: <45048BD7.email@example.com>
- Organization: Torpark
- References: <firstname.lastname@example.org> <45048BD7.email@example.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
There is a flaw with this, which has been discussed before.
What keeps the chinese government from running a server in the US or
anywhere else? They are not limited by their borders.
Sunday, September 10, 2006, 5:04:07 PM, you wrote:
> This is a good idea.
> I had nearly the same.
> Maybe it could be solved even easier.
> The server-config just needs an option to set "mycountry".
> when establishing an onion-route the client should
> simply choose an exitnode where mycountry is not equal
> to the country of the server he wants to connect.
> so.. exitnodes of country a will connect to targets in country b and c
> and vice versa.
> basically what you suggested, but forced.
> Enrico Scholz schrieb:
>> I just had the idea which can help to protect exit-nodes against some
>> kinds of legal prosecution. Basically, it would be policy to Tor servers
>> which says "do not connect into country XY". Such a rule does not increase
>> anonymity but would require that legal actions (e.g. confiscations) must
>> be performed in another country than this where the crime happened. This
>> is a much higher hurdle, especially for lower delinquencies.
>> I see two steps how this policy can be implemented:
>> A. On client side
>> 1. add a new option, e.g. 'Jurisdiction' with possible values of
>> * 'other' ... when set, do not use an exit-node when it is the same
>> jurisdiction as the target-ip; this should be the
>> default on new installations
>> * 'same' ... use an exit-node only, when it is in the same
>> jurisdiction (just for completeness...)
>> * 'ignore' ... ignore jurisdiction (same behavior as now)
>> * a country code ... use only exit-nodes within this country; a
>> negated format should exist too
>> 2. when choosing path, use only exit-nodes which are following the
>> constraint above
>> B. On (exit-)node side
>> 1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
>> codes and perhaps special values like '%same'. Behavior is similar
>> to the client side option mentioned above
>> 2. Tor protocol/meta data must be changed to transmit this option
>> 3. node forbids connections which are violating the policy
>> The decision whether a node and a target are in the same jurisdiction can
>> be done e.g. by a GeoIP like service. A problem might be the license:
>> GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
>> and Tor has to implement own parsing routines. Perhaps, similar projects