[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: reconsidering default exit policy

Good points all.  I didn't reliza what a BOFH I was being...

On Sun, Mar 13, 2005 at 01:14:06PM -0700, Richard Johnson wrote:

:Of course, not everyone who we want to have running a tor node can be in as
:central a position.  Nor will most be as careful in advance.

This is perhaps my myopia, being not only in a central position in the
network/systems area but also at an extremely acccepting political
environment.  I didn't have to convince anyone, and other andmins know
which systems are "my hosts" and will happily point and laugh when I
get abuse complaints (just as we all laugh when we get abuse
complaints about w3c.org abuse because some dumb scanner found a dtd
uri in html spam)

The most reasonable suggestion I heard for determining a default exit
policy is the eating our own dogfood metric. Is there a to compile
some statistics on the percent of running tor routers that allow a
given port to exit?  Canonicalizing existing practice is probably a
good place to start.

as a bit of an aside how can exit policy defend against abuse of
google groups?  seems this is all port 80 and would require digging
into the application layer (i would be strongly apposed to interfering
with anonyimity in google searches).  It seems this has bprobably been
discussed so I should probably just go Read The Fine Archives :)