On Fri, Jan 9, 2015 at 10:26 PM, Drake Wilson <drake@dasyatidae.net> wrote:
eric gisse wrote:
Plus the logic starts to get warped when you wonder "So do you BadExit every node that runs on an ISP that caches traffic?"
What about ISPs (and OpenDNS) that NXDOMAIN trap to insert advertising?
These, I think, are more general points that have not adequately been resolved anywhere, though I think the vague consensus has been that the latter merits a BadExit at the moment. Indeed the basic idea of "exits
An external NX ad trap is a bit tertiary since the exit is truly representing its view of the net.
As far as http caching, it would be relatively fine IF the cache truly did good practice, and IF the site truly did good design for the cache to follow. However those two necessary truths are often false, whether by AND or XOR context. So to be true, a cache shouldn't be deployed, but in the interest of bandwidth they are, more commonly at small end-tier user access ISPs (including exits) for that purpose.
I'd suggest best practice is for
- users to use https to bypass
- caches to insert their tagline in http headers so users can bitch to the owner.
- Tor exits? Well, they're volunteer paid diversity, so which is more valuable to you? The IF's above, or TCP truth at potential cost to diversity?
I prefer TCP truth, but if I was a constrained operator I'd do my best research into setting up a quality cache. Provided caching images of ill repute on disk were not an overriding concern.
Last, the badexit projects should probably try to assess the current state of caching quality in order to further suggest practices for operators.
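Added example, not part of the original message or of any Tor project code: one way a measurement could grade a cache on an exit's path by comparing the same static URL fetched directly and through the exit, checking whether the cache names itself in a `Via` header and whether it honoured the origin's `Cache-Control`. The function names, finding labels and sample responses are hypothetical and constructed for illustration; the page is assumed not to change between the two fetches.

```python
import hashlib

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def assess_exit_cache(direct, via_exit):
    """Compare one URL fetched directly and through an exit.
    Each argument is (headers, body): headers is a dict with lowercase
    names, body is bytes. Returns a sorted list of finding labels.
    """
    d_hdrs, d_body = direct
    e_hdrs, e_body = via_exit
    findings = set()
    cc = parse_cache_control(d_hdrs.get("cache-control"))
    # Age/Via seen only on the exit path point at a cache on that path.
    from_cache = "age" in e_hdrs and "age" not in d_hdrs
    disclosed = "via" in e_hdrs and "via" not in d_hdrs
    if disclosed:
        findings.add("cache-identifies-itself")
    elif from_cache:
        findings.add("cache-not-disclosed")
    if from_cache:
        if "no-store" in cc or "private" in cc:
            findings.add("ignored-origin-directive")
        # s-maxage overrides max-age for shared caches.
        limit = cc.get("s-maxage") or cc.get("max-age")
        age = e_hdrs["age"]
        if limit and limit.isdigit() and age.isdigit() and int(age) > int(limit):
            findings.add("served-stale")
    if hashlib.sha256(d_body).digest() != hashlib.sha256(e_body).digest():
        findings.add("body-differs")
    return sorted(findings)

# Constructed sample responses, not captured traffic.
ORIGIN = ({"cache-control": "max-age=60"}, b"<html>v2</html>")
GOOD_CACHE = ({"cache-control": "max-age=60", "age": "12",
               "via": "1.1 cache.example"}, b"<html>v2</html>")
BAD_CACHE = ({"cache-control": "max-age=60", "age": "900"},
             b"<html>v1</html>")

if __name__ == "__main__":
    print(assess_exit_cache(ORIGIN, GOOD_CACHE))
    print(assess_exit_cache(ORIGIN, BAD_CACHE))
```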