On Wed, Jan 31, 2018 at 11:41:00AM +0000, nusenu wrote:
Comment (by arma):
I continue to think that teaching exit relays to avoid allowing exit connections to known relays (IP:ORPort) is a good and useful step.
We keep running across messy situations where letting somebody connect to a relay from an exit relay's IP address turns into a security surprise.
Does that mean that exits will no longer be able to run tor clients (ie. to run apt updates via tor)?
No, they are unrelated. The things you describe would be connections made by the Tor client, and the things I describe would be connections made by building a circuit to the exit and sending a begin cell.
(Also, if you want to reply to a trac ticket comment, the strategy of responding on the tor-relays list is a very odd approach. :)
--Roger