[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 205: Remove global client-side DNS caching

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
From: Roger Dingledine <arma@xxxxxxx>
Date: Tue, 18 Dec 2012 18:42:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Dec 2012 18:42:11 -0500
In-reply-to: <20121129181423.19497456@numenor>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuwGQEnDziPcvvvijtLebFGjRPxOh6n5AHxitmU2XzeT2g@xxxxxxxxxxxxxx> <CAKDKvuxTM5r-zg3EM7Dmb0iJPiNaZ2CLT3eO-jb1v06+tbKxHA@xxxxxxxxxxxxxx> <20121127054928.GV15647@xxxxxxxxxxxxxx> <20121127150817.4a8b1175@numenor> <CAKDKvuwzy7feMmfBU7Osc7K1AmOHs4nFYpC1kyF9x6cZ+venZQ@xxxxxxxxxxxxxx> <20121129181423.19497456@numenor>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

On Thu, Nov 29, 2012 at 06:14:23PM +0000, Julian Yon wrote:
> (3) Don't bother trying to ascertain the full exit policy, but rather
> maintain a simple table of exit/IP/port combinations that have been
> rejected and consult it when building/using circuits. This requires no
> protocol changes (win!) at the cost of no longer blacklisting dishonest
> exits entirely. Some mechanism for expiring entries would probably be a
> good idea, and/or maybe hold it in a circular list so that there's a
> maximum number.

I had this same thought while rereading my earlier message: just prepend
a reject rule for this ip:port to our local version of the relay's
exit policy.

It does let the exit "tag" you with an IP:port combo that you'll never
come back to it with. But that seems a small risk compared to the risk
of an exit relay with a complex enough policy that it causes clients to
spend two circuits for fetching each component of web pages.

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Flashproxy alpha bundles
Next by Author: Re: [tor-dev] Brainstorming a Tor censorship analysis tool
Previous by thread: Re: [tor-dev] Proposal: Tuning the Parameters for the Path Bias Defense
Next by thread: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
Index(es):
- Author
- Thread