> Another down side is that we'd need some way to keep people from
> opting out *other* sites -- effectively DoSing them. Plus, as you say,

yes, i was afraid you wouldn't like it. good points, though.

> Also, it's not clear how services would realize that Tor is doing the
> connections. How does this work for bugmenot?

i understand it's very primitive. if you don't like them, you tell them and they'll blacklist you manually.

> You're right, nodes with liberal exit policies ("liberal" meaning allowing
> port 80, which carries pretty much every protocol these days) are going
> to keep having problems until we figure out a more fine-grained solution
> for this. Hm.

i don't think there is one, unless you want to start analysing traffic using poor heuristics (which i suspect some of the networks my dsl traffic is routed through are already doing). the clean solution is to stop treating IP addresses as identities, and to start using other means of authorization if your host gets hurt. as long as this doesn't happen, things will remain in the current mess.

that's why i liked the (optional) centralized policy repository idea. perhaps whitelists of "competent" sites would be more useful. those on the list can be trusted not to cause any troubles, allowing for a new class of tor operators "exit point that doesn't bite you" between "exit point that does" and "no exit point". but again, there are no guarantees, and/or maintaining that list will be a mountain of work. i'm not so convinced of my idea any more.

matthias

(off topic / speaking of non-idiomatic language: there is another german meaning of "Tor" besides "gate", which used to be more fashionable a few hundred years ago, but it is still understood. "Der Tor" is a noun and translates to something between "confused one" and "imbecile". probably doesn't work in the context of onion routing, though. three letter words have really deep and complex etymologies once you check more than one language. :-)