
Re: Protecting exit-nodes by GeoIP based policy



lexi@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Lexi Pimenidis) writes:

>> A. On client side
> ...
> Relying on the client side doesn't help the exit node operators much.

Yes; the first step still allows malicious clients to get certain exit-nodes
into trouble.

But I guess/hope that most clients are interested in an operational/fast
Tor network and want to protect exit-nodes.


>> B. On (exit-)node side
>> 
>>  1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
>>     codes and perhaps special values like '%same'. Behavior is similar
>>     to the client side option mentioned above
>> 
>>  2. Tor protocol/meta data must be changed to transmit this option
> ...
> Maybe later today I might write a small bash-script

Due to the enormous number of rules, it will require more than a bash
script. The Tor protocol must be changed to express such a policy, and
there must be precautions that clients and servers are using the same
GeoIP database. That's not something that can be done "today" ;)

Or... just a quick idea... what about an RBL-like DNS mapping? E.g.:

1. There exists somewhere a DNS server which maps '<IP>.something'
   to an IP like '10.0.0.<CODE>' where <CODE> identifies a country
   (e.g. 1...Germany, 2...France...)

2. Tor servers additionally resolve '<IP>.something' and apply the usual
   ExitPolicy which contains the IP <-> Country mapping from above.


This still requires changes in both clients and servers but no protocol
changes.

Problems:

1. A better IP range than 10.0.0.0... must be found
2. DNS lookup must be done in a secure/anonymous way



Enrico
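
The RBL-like lookup sketched in the message above, as an added example that is not part of the original post or of Tor's code. Assumptions: the zone name `geo.example.invalid` stands in for 'something', the query name uses reversed octets as DNSBLs do, the zone data is constructed and held in a dict instead of being resolved over DNS, and an unmapped destination is rejected (fail closed).

```python
import ipaddress

ZONE = "geo.example.invalid"            # hypothetical zone, stands in for 'something'
CODES = {1: "DE", 2: "FR"}              # 1...Germany, 2...France, as in the post
ANSWER_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed zone data replacing a real DNS query so the example runs offline.
SAMPLE_ZONE = {
    "10.2.0.192.geo.example.invalid": "10.0.0.1",
    "20.100.51.198.geo.example.invalid": "10.0.0.2",
    "30.113.0.203.geo.example.invalid": "10.0.0.77",   # code with no mapping
    "40.2.0.192.geo.example.invalid": "127.0.0.2",     # answer outside range
}

def query_name(ip):
    """Build the lookup name; reversed octets follow DNSBL practice (assumption)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + ZONE

def country_of(ip, resolve=SAMPLE_ZONE.get):
    """Return a country code, or None if the answer is missing or malformed."""
    answer = resolve(query_name(ip))
    if answer is None:
        return None                      # NXDOMAIN or lookup failure
    addr = ipaddress.IPv4Address(answer)
    if addr not in ANSWER_NET:
        return None                      # not a 10.0.0.<CODE> answer
    return CODES.get(int(addr) & 0xFF)   # last octet is <CODE>

def exit_allowed(ip, rejected_countries):
    """Fail closed (assumption): an unmapped destination is treated as rejected."""
    country = country_of(ip)
    return country is not None and country not in rejected_countries
```

Passing a different `resolve` callable swaps the dict for a real resolver; the answer validation is what keeps a spoofed or unexpected reply from being read as a country code.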