
Re: Protecting exit-nodes by GeoIP based policy



On Sun, Sep 10, 2006 at 11:58:11PM CEST, Enrico Scholz wrote:

> A. On client side
> 
>  1. add a new option, e.g. 'Jurisdiction' with possible values of
>     * 'other'  ... when set, do not use an exit-node when it is the same
>                    jurisdiction as the target-ip; this should be the
>                    default on new installations
>     * 'same'   ... use an exit-node only, when it is in the same
>                    jurisdiction (just for completeness...)
>     * 'ignore' ... ignore jurisdiction (same behavior as now)
>     * a country code  ...  use only exit-nodes within this country; a
>                    negated format should exist too

Relying on the client side doesn't help the exit node operators much.

> B. On (exit-)node side
> 
>  1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
>     codes and perhaps special values like '%same'. Behavior is similar
>     to the client side option mentioned above
> 
>  2. Tor protocol/meta data must be changed to transmit this option
> 
>  3. node forbids connections which are violating the policy
> 
> The decision whether a node and a target are in the same jurisdiction can
> be done e.g. by a GeoIP like service. A problem might be the license:
> GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
> and Tor has to implement own parsing routines. Perhaps, similar projects
> exist.

Maybe later today I might write a small bash-script that takes
GeoIP-Data and a Tor operator's wishes and creates a set of
exit-policies. Then you have two separate solutions (thus the licenses
should not clash) and can integrate that in your current setup.

-- Lexi

-- 
Yeji.-Edarzv. Inpe Jevndeyew, Zxqv 4222, Lni: +49 241 80 21419
ZGLO Xxhond, Edarzvxleb EF, Xorzdwlz. 55 - 52056 Xxhond - Cnzvxds
| Yzqv wney dqz tzxf qdy mnecl nqho vqwlnzoxal,
| Ixwwl Joxdlxwen, vel xiind eoznd Hornznd,
| Fnzdqdal, Fnzwlxdy, Nvjaedyqdc, Ineyndwhoxal,
| Yrho, vnzbl nqho groi! dehol rodn Dxzzonel ornznd.

Attachment: signature.asc
Description: Digital signature
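
A sketch of the kind of script proposed in the reply above, added here as an example; it is not the poster's script and not part of Tor. It turns the GeoIP ranges of one country into torrc `ExitPolicy reject` lines. The input layout (`first_ip,last_ip,country`), the function names and the sample data are assumptions.

```bash
# POSIX sh, also runs under bash.
# Constructed sample, one "first_ip,last_ip,country" per line: RFC 5737
# documentation ranges with made-up country codes, not real GeoIP data.
SAMPLE_GEOIP='192.0.2.0,192.0.2.255,DE
198.51.100.0,198.51.100.127,FR
203.0.113.16,203.0.113.47,DE'

ip2int() {  # dotted quad -> 32-bit integer (octets without leading zeros)
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Split the inclusive range [$1, $2] (integers) into the fewest CIDR blocks.
# GeoIP ranges are often not aligned to a prefix, so one range can need several.
range2cidr() {
  lo=$1; hi=$2
  while [ "$lo" -le "$hi" ]; do
    size=$(( lo & (0 - lo) ))            # largest block aligned at lo
    if [ "$lo" -eq 0 ]; then size=4294967296; fi
    while [ $(( lo + size - 1 )) -gt "$hi" ]; do size=$(( size >> 1 )); done
    bits=32; s=$size                     # prefix length = 32 - log2(size)
    while [ "$s" -gt 1 ]; do s=$(( s >> 1 )); bits=$(( bits - 1 )); done
    echo "$(int2ip "$lo")/$bits"
    lo=$(( lo + size ))
  done
}

# $1 = country code the operator refuses to exit to; GeoIP lines on stdin.
make_exit_policy() {
  want=$1
  while IFS=, read -r first last cc; do
    [ "$cc" = "$want" ] || continue
    for cidr in $(range2cidr "$(ip2int "$first")" "$(ip2int "$last")"); do
      echo "ExitPolicy reject ${cidr}:*"
    done
  done
}

# The output goes into torrc ahead of the operator's existing ExitPolicy lines.
printf '%s\n' "$SAMPLE_GEOIP" | make_exit_policy DE
```

Tor applies exit policy rules in order with the first match winning, so the generated reject lines have to precede any accept rules.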