
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/07/15 03:45, teor wrote:
On 7 Jul 2015, at 09:46 , josh@tucker.wales wrote:
From the perspective of someone investigating abuse, I think it's important that 'not an exit relay' means 'not capable of exiting on any port at all'. Ergo I think your option c) is the way to go.
I also think this (c) is the best option. I agree that it's important to be able to determine, from an investigatory perspective, whether or not a relay was capable of exiting on any port.
Okay, let's do c).
And, if we are going to implement "Exit" as any port, it should also be *any* IP, not just an IPv4 /8 as in the Ext flag definition.
The issue of such a definition would be that we couldn't rely on what's written in the network status consensus, but we'd have to parse server descriptors. If possible, I'd only want to use what's in the consensus for ExoneraTor's Exit column. Here's the information we can learn from the consensus: r TorLand1 4ekiogr2CHKIJKYgutxu/Iy4wrg ZzWUBT9yjZyg/SBXixf0Ll9VlZk 2015-07-06 19:13:14 37.130.227.133 443 80 a [2a02:2498:e001:3c::133]:443 s Exit Fast Guard HSDir Running Stable V2Dir Valid v Tor 0.2.6.7 w Bandwidth=166000 p accept 20,23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,12350,19294,19638,23456,33033,64738 For c), we'd just check if there's a "p reject 1-65535" line or not. Here's the updated design mockup: https://people.torproject.org/~karsten/volatile/exonerator-mockup/ Thanks, everyone, for the very useful feedback so far! All the best, Karsten -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJVm3YfAAoJEJD5dJfVqbCr9cgH/iBRWNAFA0TJhNBrJa5TtOXD b0F9DmwMbdiDixCkwpBfk+8Dik7HljPXY35fM3zZsmreG4ygoDSwc2enpTMhlYSw lqt4r1KBj5VG8L8sAg3F4EIRseho7wC3BP1eZEwj0oVtjmzTIQPBafDD7EoBszJT UKw3wiBx9wV73StJGTCbhqRl7NbeEe30pJ5IN9t1QrYDoeGCOCS0Wt8wPuhGh2Pn TKv1OEUrxA89j1l8/QN2MvQkiqWhgiaHNVp6Iom/cpZdTnYUI4EGLsKmedLy+Q1b qnnVouatFTyzdYVq7ZQjky9nr9YaTF6HdeHewi50EV9tVVJ7jo01zn2w74fOl3M= =Lklj -----END PGP SIGNATURE-----