[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: another BADEXIT found $8424E8653469B1EFF87E79E8599933A3BAF8FDB2

On Mon, Feb 09, 2009 at 11:10:28PM -0600, Scott Bennett wrote:
>      I think it would be a useful modification for the authorities to be able
> to flag IP addresses and address ranges with BadExit in addition to being
> able to flag nicknames and key fingerprints.  That way, when a case like
> "apple" arises, its career could be greatly hindered by flagging the /24's
> of their ISPs. 

Internally, this ability exists.  In the relevant configuration file,
authority operators can mark entire IP ranges as BadExit.  This
doesn't get propagated to the consensus; instead, they automatically
vote for any OR that shows up in a marked IP range as being BadExit.
The result's the same, but the client code and the consensus format
get to stay a little simpler.