
Re: selecting Node lists by criteria?



Nick focused on the difficulty of making this work. It is important
to also remember that the anonymity implications of these choices are
far from clear (even farther from clear than even the choices that
are already in the design ;>). In this respect it is even
worse than padding. People can play with attempts, but until there
is a clearer understanding of why as well as how, this is not likely
to be a focus of primary developer attention.

aloha,
Paul

On Mon, Sep 05, 2005 at 02:45:41AM -0400, Nick Mathewson wrote:
> On Sun, Sep 04, 2005 at 11:35:07PM -0700, OpenMacNews wrote:
> > hi all,
> > 
> > is it possible to specify Node 'collections', i.e. the arg lists for:
> > 
> >    NodeFamily
> >    EntryNodes
> >    ExitNodes
> >    ExcludeNodes
> >    RendNodes
> > 
> > by individual criteria?
> > 
> > e.g.,
> > 
> >    EntryNodes == ONLY nodes in US
> >    ExcludeNodes == nodes w/ bandwidth bet AAA & BBB
> >    RendNode == anything BUT china
> 
> Not as Tor is currently implemented.  As you note above, implementing
> this feature would require us to build a general-purpose expression
> language into Tor.  That would be a neat trick, but kind of wasteful:
> the world already has hundreds of decent programming languages, and
> building a special purpose one wouldn't do much good.
> 
> Also, it wouldn't be enough.  If we implemented what you describe
> above, people would want to specify rules for node selection that
> depended on factors other than individual node position within the
> circuit.  You'd get references to other nodes ("Choose exit nodes in
> the US if the entry node is not in the US"), references to desired
> stream targets ("Choose exit node in same country as target website"),
> references to other current circuits ("Choose exit node different from
> any currently in use") and references to older circuits ("Choose the
> same exit node we used to connect to this website last time").  And
> more!
> 
> What we've done instead is make it pretty easy to override Tor's
> circuit building strategy with an external controller program.
> Interested programmers should check out the documentation, interface
> libraries, and demo code at
>      http://tor.eff.org/dist/torctl-0.1.tar.gz
> 
> (For another challenge, you'd have the problem that there isn't a
> really reliable way to map IP to country.  Also, restricting nodes by
> country can be insufficient.  Suppose that I wanted to restrict France
> (for example) from interfering with my connection to my entry node.
> It's not enough to choose an entry node outside of France!  I also
> need to make sure that the connection to my entry node doesn't pass
> through France.  If I'm worried about legal attacks, I need to be
> concerned about nodes whose owners and operators are in France,
> regardless of where they themselves are located.  It can get pretty hard.)
> 
> hth,
> -- 
> Nick Mathewson
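
The controller approach described in the thread, sketched as an added example (not part of the original messages and not code from torctl): selection rules are ordinary Python predicates over the whole candidate path, so cross-node rules such as "exit in the US if the entry is not" need no expression language inside Tor. The relay list, nicknames, country labels and bandwidth bounds are constructed assumptions; `EXTENDCIRCUIT 0 <path>` is the control-protocol request to build a new circuit.

```python
import itertools
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    nickname: str
    country: str    # assumed label; the thread notes IP-to-country mapping is unreliable
    bandwidth: int  # constructed figure, KB/s
    is_exit: bool

# Constructed directory; nicknames and values are illustrative only.
RELAYS = [
    Relay("relayA", "US", 500, False),
    Relay("relayB", "FR", 800, True),
    Relay("relayC", "DE", 300, False),
    Relay("relayD", "US", 1000, True),
    Relay("relayE", "NL", 50, True),
]

# Each rule sees the whole candidate path (entry, middle, exit).
RULES = [
    lambda e, m, x: e.country != "FR",                       # entry node not in France
    lambda e, m, x: e.country == "US" or x.country == "US",  # exit in US if entry is not
    lambda e, m, x: not any(40 <= r.bandwidth <= 100 for r in (e, m, x)),  # excluded band
]

def candidate_paths(relays, rules):
    """All ordered 3-relay paths ending in an exit relay that satisfy every rule."""
    return [p for p in itertools.permutations(relays, 3)
            if p[2].is_exit and all(rule(*p) for rule in rules)]

def extendcircuit_command(path):
    """Control-port line (sent CRLF-terminated) asking Tor to build a new circuit."""
    return "EXTENDCIRCUIT 0 " + ",".join(r.nickname for r in path)

def choose_circuit(relays, rules, rng=random.SystemRandom()):
    """Pick uniformly among the paths the policy allows; fail closed if none exist."""
    paths = candidate_paths(relays, rules)
    if not paths:
        raise LookupError("no path satisfies the policy")
    return extendcircuit_command(rng.choice(paths))

if __name__ == "__main__":
    print(choose_circuit(RELAYS, RULES))
```

The size of `candidate_paths` output is worth logging in a real controller: with these rules only 8 of the 60 possible ordered paths remain.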