[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r18502: {tor} Add SSL test description for kicks. Also spell check is a wo (tor/trunk/doc/spec/proposals/ideas)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r18502: {tor} Add SSL test description for kicks. Also spell check is a wo (tor/trunk/doc/spec/proposals/ideas)
From: mikeperry@xxxxxxxx
Date: Thu, 12 Feb 2009 05:15:32 -0500 (EST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Thu, 12 Feb 2009 05:15:34 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: mikeperry
Date: 2009-02-12 05:15:32 -0500 (Thu, 12 Feb 2009)
New Revision: 18502

Modified:
   tor/trunk/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt
Log:

Add SSL test description for kicks. Also spell check is a
wonderfukl thign.



Modified: tor/trunk/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt
===================================================================
--- tor/trunk/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt	2009-02-12 09:54:54 UTC (rev 18501)
+++ tor/trunk/doc/spec/proposals/ideas/xxx-exit-scanning-outline.txt	2009-02-12 10:15:32 UTC (rev 18502)
@@ -1,6 +1,6 @@
 1. Scanning process
-   A. Non-HTML/JS mime types compared via SHA1 hash
-   B. Dynamic content filtered at 4 levels:
+   A. Non-HTML/JS HTTP mime types compared via SHA1 hash
+   B. Dynamic HTTP content filtered at 4 levels:
       1. IP change+Tor cookie utilization
          - Tor cookies replayed with new IP in case of changes
       2. HTML Tag+Attribute+JS comparison
@@ -11,7 +11,17 @@
            Non-Tor fetches pruned from comparison
       4. URLS with > N% of node failures removed
          - results purged from filesystem at end of scan loop
-   C. Scanner can be restarted from any point in the event
+   C. SSL scanning handles some forms of dynamic certs
+      1. Catalogs certs for all IPs resolved locally
+         by getaddrinfo over the duration of the scan. 
+         - Updated each test.
+      2. If the domain presents a new cert for each IP, this
+         is noted on the failure result for the node
+      3. If the same IP presents two different certs locally,
+         the cert list is first refreshed, and if it happens
+         again, discarded
+      4. A N% node failure filter also applies
+   D. Scanner can be restarted from any point in the event
       of scanner or system crashes, or graceful shutdown.
       - Results+scan state pickled to filesystem continuously
 2. Cron job checks results periodically for reporting
@@ -20,7 +30,7 @@
    B. write reject lines to approved-routers for those three types:
       1. ID Hex based (for misconfig/network problems easily fixed)
       2. IP based (for content modification)
-      3. IP+mask based (for continuous/eggregious content modification)
+      3. IP+mask based (for continuous/egregious content modification)
    C. Emails results to tor-scanners@xxxxxxxxxxxxx
 3. Human Review and Appeal
    A. ID Hex-based BadExit is meant to be possible to removed easily

Prev by Author: [or-cvs] r18501: {} Add exit scanning proposal outline from discussions with arm (tor/trunk/doc/spec/proposals/ideas)
Next by Author: [or-cvs] r18508: {torflow} Implement and document --rescan and --restart, for scanning (torflow/trunk/NetworkScanners)
Previous by thread: [or-cvs] r18501: {} Add exit scanning proposal outline from discussions with arm (tor/trunk/doc/spec/proposals/ideas)
Next by thread: [or-cvs] r18503: {tor} Update to the "January 23 2009" ip-to-country file (in tor/trunk: . src/config)
Index(es):
- Author
- Thread