[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: General question about exit policies...



On 06/30/2009 10:20 PM, Michael wrote:
>    accept *.google.com:80

thinking aloud...

What if:

o Google was supportive of "good" uses of Tor, for its services
o Google ran an exit in its IP space(s) matching the exits as masked above
o Tor had a method to back-propagate signed kill commands based on the
key of the originating node

Then, if Google were being abused by a spammer running tor, it could
sign a message, originating in its IP space, asking to kill requests for
its IP space from a particular tor entry (these would have to expire
fairly soon).  Tor nodes could note, exchange, and drop those
connections.  Such messages from other IP spaces would be ignored.

If abusers are hard to catch and rampantly abusing tor this could lead
to really big tables.  But short of that it might make for Tor being too
hard to use for abuse, and disinterest those people.

Problems would be: Google being evil, somebody with control of lots of
IP spaces joining tor and trying to fill relays' memory with lots of
such rules.  An additional layer of trust could be built outside tor
such that somebody at Tor project could sign Google's kill key, using
PGP WOT or similar; even X.509 if we trust that (throw up a CSR-like
thing on webpage secured by HTTPS).

To the extent that somebody like Google has lots of data centers,
anycasts, etc., their cost would be higher to implement such policies,
but probably they have the capacity.

-Bill

-- 
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
http://www.bfccomputing.com/    Cell: 603.252.2606
Twitter, etc.: bill_mcgonigle   Page: 603.442.1833
Email, IM, VOIP: bill@xxxxxxxxxxxxxxxx
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf