Protecting exit-nodes by GeoIP based policy
Lexi Pimenidis
lexi at i4.informatik.rwth-aachen.de
Mon Sep 11 08:12:46 UTC 2006
On Sun, Sep 10, 2006 at 11:58:11PM CEST, Enrico Scholz wrote:
> A. On client side
>
> 1. add a new option, e.g. 'Jurisdiction' with possible values of
>    * 'other' ... when set, do not use an exit-node when it is the same
>      jurisdiction as the target-ip; this should be the
>      default on new installations
>    * 'same' ... use an exit-node only, when it is in the same
>      jurisdiction (just for completeness...)
>    * 'ignore' ... ignore jurisdiction (same behavior as now)
>    * a country code ... use only exit-nodes within this country; a
>      negated format should exist too
Relying on the client side doesn't help the exit node operators much.
> B. On (exit-)node side
>
> 1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
> codes and perhaps special values like '%same'. Behavior is similar
> to the client side option mentioned above
>
> 2. Tor protocol/meta data must be changed to transmit this option
>
> 3. node forbids connections which are violating the policy
>
> The decision whether a node and a target are in the same jurisdiction can
> be done e.g. by a GeoIP like service. A problem might be the license:
> GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
> and Tor has to implement own parsing routines. Perhaps, similar projects
> exist.
Maybe later today I might write a small bash script that takes
GeoIP data and a Tor operator's wishes and creates a set of
exit policies. Then you have two separate solutions (thus the licenses
should not clash) and can integrate that in your current setup.
-- Lexi
--
Yeji.-Edarzv. Inpe Jevndeyew, Zxqv 4222, Lni: +49 241 80 21419
ZGLO Xxhond, Edarzvxleb EF, Xorzdwlz. 55 - 52056 Xxhond - Cnzvxds
| Yzqv wney dqz tzxf qdy mnecl nqho vqwlnzoxal,
| Ixwwl Joxdlxwen, vel xiind eoznd Hornznd,
| Fnzdqdal, Fnzwlxdy, Nvjaedyqdc, Ineyndwhoxal,
| Yrho, vnzbl nqho groi! dehol rodn Dxzzonel ornznd.
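
An added sketch of the kind of generator described in the message above, not code from the original thread or from the Tor project. It is written in Python rather than bash so that IP ranges can be turned into CIDR blocks with the standard library. The "first_ip,last_ip,country_code" input layout, the sample rows and the trailing default rule are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample in an assumed "first_ip,last_ip,country_code" layout.
# The addresses are documentation ranges, not real GeoIP data.
SAMPLE_GEOIP = """\
192.0.2.0,192.0.2.255,DE
198.51.100.0,198.51.100.127,DE
198.51.100.128,198.51.100.255,FR
203.0.113.0,203.0.113.95,DE
"""


def exit_policy(geoip_csv, reject_countries, default="accept *:*"):
    """Build torrc ExitPolicy lines rejecting all ranges of the given countries.

    Tor evaluates exit policies first-match, so the reject lines are emitted
    before the operator's default rule.
    """
    wanted = {cc.strip().upper() for cc in reject_countries}
    nets = []
    for row in csv.reader(io.StringIO(geoip_csv)):
        if len(row) < 3 or row[2].strip().upper() not in wanted:
            continue  # blank line, short row, or a country the operator allows
        first = ipaddress.IPv4Address(row[0].strip())
        last = ipaddress.IPv4Address(row[1].strip())
        if first > last:
            raise ValueError(f"range start after end: {row}")
        # A range such as .0-.95 is not one CIDR block; split it into several.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent or overlapping blocks to keep the policy short.
    lines = [f"ExitPolicy reject {net}:*"
             for net in ipaddress.collapse_addresses(nets)]
    lines.append(f"ExitPolicy {default}")
    return lines


if __name__ == "__main__":
    # An exit node in DE that refuses destinations in its own jurisdiction.
    print("\n".join(exit_policy(SAMPLE_GEOIP, ["DE"])))
```

The output can be pasted into torrc in place of the existing ExitPolicy lines; the default argument stands in for whatever port-based policy the operator already uses.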