The issue is: How do you know an exit server is compromised? As a CCNP I can configure a SPAN port in 30 seconds and suck all the exit traffic out of it without any indication for the server owner. Even if he visits his server in the data center, and no one visits their servers :/
2016-04-08 1:42 GMT+02:00 Green Dream greendream848@gmail.com:
Of course, but what would they make of it? They might have 200 perfectly legitimate Tor nodes already, making a blacklist absolutely useless.
So we should do nothing? This logic makes little sense. The directory authorities already have blacklist capabilities, and add known malicious relays to it as the need arises [1]. Sniffing traffic on an exit is a good enough reason to blacklist a node, as far as I can tell. So if we did know of government running or monitoring exits for this purpose, it would be sufficient reason to blacklist. This particular case is perhaps not so clear cut but I wouldn't be so quick to dismiss the idea of blacklisting.
[1] The blacklist used to be published here https://trac.torproject.org/projects/tor/wiki/doc/badRelays but it's apparently no longer published.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays