[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 205: Remove global client-side DNS caching

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Tue, 18 Dec 2012 20:05:08 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Dec 2012 20:05:19 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=F6my2sXUbaQ+rt3IS1iWlmH89m7TrMP2dfiHYqsQUGU=; b=AKIIbiH4IwqG2Fz1cVe6D2A6XaML27vaovMX5ueX2VIYyEgzcg4kfIH9JVmwaeoLip joHGV/ztzyRY3K0rceCtowgqlSXvdMsh86ogotvGKm3axmYZzFbCsxkx522//IjCu0I/ 7bWIoOrw85sVvF6CqfRlpbj6bYqkVKzEjTHKLzBfoiUzWDej9mSTtLsdgi5HSwuuVbJi HLlaElvCLW3zfQfqwQNsA47c1FQd0raDCQD/vPjzElaKqnmmK0eC54WgF6mzjBfCZfXx ISrJe6+D5lbLx4JdutXPGaOrqnaJukUxjAXjQrCBGnJr80NgLxRdFys867TOHxJUvZbW YiKg==
In-reply-to: <20121218234200.GK5636@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuwGQEnDziPcvvvijtLebFGjRPxOh6n5AHxitmU2XzeT2g@xxxxxxxxxxxxxx> <CAKDKvuxTM5r-zg3EM7Dmb0iJPiNaZ2CLT3eO-jb1v06+tbKxHA@xxxxxxxxxxxxxx> <20121127054928.GV15647@xxxxxxxxxxxxxx> <20121127150817.4a8b1175@numenor> <CAKDKvuwzy7feMmfBU7Osc7K1AmOHs4nFYpC1kyF9x6cZ+venZQ@xxxxxxxxxxxxxx> <20121129181423.19497456@numenor> <20121218234200.GK5636@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Tue, Dec 18, 2012 at 6:42 PM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Thu, Nov 29, 2012 at 06:14:23PM +0000, Julian Yon wrote:
>> (3) Don't bother trying to ascertain the full exit policy, but rather
>> maintain a simple table of exit/IP/port combinations that have been
>> rejected and consult it when building/using circuits. This requires no
>> protocol changes (win!) at the cost of no longer blacklisting dishonest
>> exits entirely. Some mechanism for expiring entries would probably be a
>> good idea, and/or maybe hold it in a circular list so that there's a
>> maximum number.
>
> I had this same thought while rereading my earlier message: just prepend
> a reject rule for this ip:port to our local version of the relay's
> exit policy.
>
> It does let the exit "tag" you with an IP:port combo that you'll never
> come back to it with. But that seems a small risk compared to the risk
> of an exit relay with a complex enough policy that it causes clients to
> spend two circuits for fetching each component of web pages.

Good idea!  I've added it to
https://trac.torproject.org/projects/tor/ticket/7582

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
  - From: Roger Dingledine

Prev by Author: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
Next by Author: [tor-dev] Testing in Tor [was Re: Brainstorming a Tor censorship analysis tool]
Previous by thread: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
Next by thread: Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
Index(es):
- Author
- Thread