[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: selecting Node lists by criteria?
On Sun, Sep 04, 2005 at 11:35:07PM -0700, OpenMacNews wrote:
> hi all,
>
> is it possible to specify Node 'collections', i.e. the arg lists for:
>
> NodeFamily
> EntryNodes
> ExitNodes
> ExcludeNodes
> RendNodes
>
> by individual criteria?
>
> e.g.,
>
> EntryNodes == ONLY nodes in US
> ExcludeNodes == nodes w/ bandwidth bet AAA & BBB
> RendNode == anything BUT china
Not as Tor is currently implemented. As you note above, implementing
this feature would require us to build a general-purpose expression
language into Tor. That would be a neat trick, but kind of wasteful:
the world already has hundreds of decent programming languages, and
building a special purpose one wouldn't do much good.
Also, it wouldn't be enough. If we implemented what you describe
above, people would want to specify rules for node selection that
depended on factors other than individual node position within the
circuit. You'd get reference to other nodes ("Choose exit nodes in
the US if the entry node is not in the US"), references to desired
stream targets ("Choose exit node in same country as target website"),
references to other current circuits ("Choose exit node different from
any currently in use") and references to older circuits ("Choose the
same exit node we used to connect to this website last time"). And
more!
What we've done instead is make it pretty easy to override Tor's
circuit building strategy with an external controller program.
Interested programmers should check out the documentation, interface
libraries, and demo code at
http://tor.eff.org/dist/torctl-0.1.tar.gz
(For another challenge, you'd have the problem that there isn't a
really reliable way to map IP to country. Also, restricting nodes by
country can be insufficient. Suppose that I wanted to restrict France
(for example) from interfering with my connection to my entry node.
It's not enough to choose an entry node outside of France! I also
need to make sure that the connection to my entry node doesn't pass
though France. If I'm worried about legal attacks, I need to be
concerned about nodes whose owners and operators are in France,
regardless of where they themselves are located. It can get pretty hard.)
hth,
--
Nick Mathewson