[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2
On Mon, Feb 09, 2009 at 11:10:28PM -0600, Scott Bennett wrote:
> I think it would be a useful modification for the authorities to be able
> to flag IP addresses and address ranges with BadExit in addition to being
> able to flag nicknames and key fingerprints. That way, when a case like
> "apple" arises, its career could be greatly hindered by flagging the /24's
> of their ISPs.
Internally, this ability exists. In the relevant configuration file,
authority operators can mark entire IP ranges as BadExit. This
doesn't get propagated to the consensus; instead, they automatically
vote for any OR that shows up in a marked IP range as being BadExit.
The result's the same, but the client code and the consensus format
get to stay a little simpler.