On 07/07/15 03:45, teor wrote:
> On 7 Jul 2015, at 09:46, josh@tucker.wales wrote:
>> From the perspective of someone investigating abuse, I think it's important that 'not an exit relay' means 'not capable of exiting on any port at all'. Ergo I think your option c) is the way to go.
> I also think this (c) is the best option. I agree that it's important to be able to determine, from an investigatory perspective, whether or not a relay was capable of exiting on any port.
Okay, let's do c).
> And, if we are going to implement "Exit" as any port, it should also be *any* IP, not just an IPv4 /8 as in the Exit flag definition.
The issue of such a definition would be that we couldn't rely on what's written in the network status consensus, but we'd have to parse server descriptors. If possible, I'd only want to use what's in the consensus for ExoneraTor's Exit column. Here's the information we can learn from the consensus:
r TorLand1 4ekiogr2CHKIJKYgutxu/Iy4wrg ZzWUBT9yjZyg/SBXixf0Ll9VlZk 2015-07-06 19:13:14 37.130.227.133 443 80
a [2a02:2498:e001:3c::133]:443
s Exit Fast Guard HSDir Running Stable V2Dir Valid
v Tor 0.2.6.7
w Bandwidth=166000
p accept 20,23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,12350,19294,19638,23456,33033,64738
For c), we'd just check if there's a "p reject 1-65535" line or not.
Here's the updated design mockup:
https://people.torproject.org/~karsten/volatile/exonerator-mockup/
Thanks, everyone, for the very useful feedback so far!
All the best, Karsten
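
Added example, not part of the message above and not ExoneraTor's code: a sketch of the option c) check on consensus entries, shown next to the "Exit" flag from the "s" line so the two definitions can be compared. It goes slightly beyond the literal "p reject 1-65535" comparison by counting the ports a "p" line leaves open; the function names and the sample entries are hypothetical, the port list is assumed to contain no overlapping ranges, and an entry without a "p" line is reported as unknown (None).

```python
# Constructed sample: nicknames, identities, digests and addresses are placeholders.
SAMPLE = """\
r RelayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-07-06 19:13:14 192.0.2.10 443 80
s Exit Fast Running Valid
p accept 20,23,43,53,79-81,443
r RelayB AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-07-06 19:13:14 192.0.2.20 9001 0
s Fast Guard Running Valid
p reject 1-65535
r RelayC AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-07-06 19:13:14 192.0.2.30 9001 0
s Fast Running Valid
p accept 6667
r RelayD AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2015-07-06 19:13:14 192.0.2.40 9001 0
s Running Valid
"""

def parse_entries(text):
    """Collect nickname, flags and policy summary for each 'r' entry."""
    entries, cur = [], None
    for line in text.splitlines():
        keyword, _, rest = line.partition(" ")
        if keyword == "r":
            cur = {"nickname": rest.split()[0], "flags": set(), "policy": None}
            entries.append(cur)
        elif cur is not None and keyword == "s":
            cur["flags"] = set(rest.split())
        elif cur is not None and keyword == "p":
            cur["policy"] = rest.strip()
    return entries

def accepted_port_count(policy):
    """Number of ports a 'p' summary leaves open (assumes non-overlapping ranges)."""
    kind, _, portlist = policy.partition(" ")
    if kind not in ("accept", "reject"):
        raise ValueError("unexpected policy keyword: %r" % kind)
    listed = 0
    for item in portlist.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)  # a single port is a range of one
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % item)
        listed += hi - lo + 1
    return listed if kind == "accept" else 65535 - listed

def classify(text):
    """Map nickname -> (could_exit under option c, has Exit flag)."""
    out = {}
    for e in parse_entries(text):
        p = e["policy"]
        could_exit = None if p is None else accepted_port_count(p) > 0
        out[e["nickname"]] = (could_exit, "Exit" in e["flags"])
    return out
```

RelayC is the case the thread is about: no "Exit" flag, yet it can exit on one port, so option c) reports it as exit-capable.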