On Tue, Nov 08, 2005 at 10:14:31PM -0500, Anthony DiPierro wrote:
> How hard would it be to run a Tor exit node which accepts GET requests but
> not POST requests? Or, possibly, POST requests could simply be passed on to
> another Tor exit node? Would it be ethical to do this? You'd have to examine
> the traffic to see if it was a GET or a POST, but you wouldn't have to store
> anything.

The difference between filtering by transport-layer headers (e.g. port number) and filtering by application-layer headers (e.g. HTTP request type) is one of degree, not one of kind. Whether it is ethical to do this is debatable. However, right now there does not exist a way to describe this sort of filtering in the exit policy, and thus may degrade client performance. Also, it is not possible (without substantial modification to Tor) to simply pass along the request to another Tor node, since this would mean somehow extending the circuit and reattaching the stream in-flight!

Intuitively, if there were a magical box that could filter out "evil" traffic while allowing all "good" traffic to pass, it would be great to deploy it at every exit node. However, the nature of communication is such that this is either difficult or impossible to quantify.

A more pressing problem that still needs to be addressed is, how do we deal with cases in which such filtering is happening already? Not only can Tor node operators firewall their exits, but their upstream ISPs can null-route traffic to particular destinations...

Geoff