Re: TOR on Academic networks (problem)
On May 16, 2006, at 8:47 PM, Joseph Lorenzo Hall wrote:

> On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
>> The correct way is to put the IPs in a deny list in the config file.
>
> This is not an option... I estimated using Netcraft's SearchDNS and
> the regexes that Berkeley uses for their library proxy that this would
> be an exit policy *on the order of* 10,000 entries long.

10,000 IP addresses, or domain names? We only need to block the
webservers.
btw, how does the library proxy handle this much? I think tor can do
regex matching on the ip/hosts.

> As Roger has made clear elsewhere, the current directory protocol
> won't scale well with exit policies of this length (or really in
> general) and it would be better for the network for these nodes to
> operate a middleman node instead. This is why a few of us on dorky
> academic networks are trying to find other solutions.
>
> best, Joe

I think the best thing is to use a nice tree for all directory
lookups. Something tells me tor uses a slow linear search through the
file if it's not scaling O(lg n).

> --
> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information
> <http://josephhall.org/>
Sincerely,
Watson Ladd
---
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
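The deny-list approach discussed in this thread, as an added example that is not part of either poster's message or of Tor's code: it turns a list of web-server addresses into torrc `ExitPolicy reject` lines, merging duplicate and adjacent addresses into CIDR blocks so the policy is shorter, then reads the policy top to bottom with the first matching line winning. The function names, the port list, the `accept` fallback and the sample addresses (documentation ranges) are assumptions; IPv4 only.

```python
import ipaddress

# Constructed sample: web-server addresses to block (documentation ranges).
SAMPLE_HOSTS = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",  # four adjacent hosts
    "198.51.100.17",                                      # isolated host
    "203.0.113.8", "203.0.113.9",                         # adjacent pair
    "192.0.2.1",                                          # duplicate entry
]


def build_exit_policy(hosts, ports=(80, 443)):
    """Return torrc ExitPolicy lines rejecting the hosts on the given ports.

    Duplicates are dropped and adjacent addresses are merged into CIDR
    blocks, so the policy has one line per (block, port) pair.
    """
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(h) for h in set(hosts)
    )
    return [f"ExitPolicy reject {net}:{port}" for net in nets for port in ports]


def first_match(policy_lines, addr, port, default="accept"):
    """Read the policy top to bottom; the first matching line decides.

    `default` is what this example returns when no line matches
    (an assumption standing in for the rest of the relay's policy).
    """
    ip = ipaddress.ip_address(addr)
    for line in policy_lines:
        _, action, pattern = line.split()
        net, _, rule_port = pattern.rpartition(":")
        if ip in ipaddress.ip_network(net) and rule_port in ("*", str(port)):
            return action
    return default


if __name__ == "__main__":
    policy = build_exit_policy(SAMPLE_HOSTS)
    naive = len(SAMPLE_HOSTS) * 2  # one line per host per port, no merging
    print(f"{naive} naive lines -> {len(policy)} merged lines")
    print("\n".join(policy))
    print(first_match(policy, "192.0.2.3", 443))  # inside the merged /30
```

How much a real list shrinks depends on how the blocked servers are laid out in address space, which the thread does not establish.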