[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: path selection despite exit policies
On Mon, Apr 07, 2003 at 01:49:35PM -0400, Nick Mathewson wrote:
> "D" (servers publish
> "hostnames-that-are-me") seems to address an entirely orthogonal issue.
I'll accept that it's orthogonal. In any case, I think we want this to
happen. Is this the right way to accomplish it? I'm thinking, eg, that
indymedia should run a node for its users, and its users should be able
to use it as an exit when going to that site.
> Actually, I'd suggest a combination of "A" and "C": Client says (over
> tunnel) "Connect me to forbidden.seul.org:80". Server says (over
> tunnel) "Request to 18.244.0.188:80 denied", resolving the IP *and*
> rejecting it.
Sounds good.
I'll put that on the low-priority end of the todo, and get the port-based
acl's going first.
It would be nice also if we didn't have to suddenly build a whole new
circuit that ends at the right node. I guess we'll keep that in mind when
we switch to the incremental-path-building-with-ephemeral-keys approach.
--Roger