[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: facility for specifying that a Tor node should not be preferred?

On Tue, Jan 31, 2006 at 04:22:42PM -0800, Joseph Lorenzo Hall wrote:
> Hi, I was wondering if there was much interest in what would
> effectively be the opposite of Tor's ExitNodes argument.  That is, it
> would be nice to be able to specify that a node should never be a
> "preferred" exit node.

There is an opposite to ExitNodes -- it's called ExcludeNodes. See

But it doesn't do what you seem to want -- you cannot control how other
Tor users choose their paths, because the exit node does not (should not)
know this information.

> PS: Barring that, what's the longest set of exit policies that a node
> has ever run on? Did it cause problems?  Would it make more sense (in
> terms of network efficiency, etc.) to block exits on port 80 or to
> have a long (thousands of entries) set of exit policies?  What would
> happen if all nodes ran with exit policies that were thousands of
> lines long?

Good question. I think our current directory distribution protocol would
hurt if all of the servers have megabyte-long exit policies.

So I guess the answer for that is that rejecting *:80 is the better
plan if those are the choices.

The real answer for universities is to route their subscriptions to things
like Webster and Springer through a proxy server that uses their already
established local auth mechanism (MIT's cert system, Harvard's PIN system,
UCLA's Bruin OnLine system, etc etc). In many cases they *already* have
the proxy system in place for off-campus users, so it's just a matter of
using them in other cases too.

This would free them up from all the fears that their IP space has to be
locked down thoroughly or they'll be breaking some contract somewhere.
Then they could get back to being centers of research and innovation.

But, while some universities are becoming enlightened and heading in
this direction, there are still a lot of scared people out there.