-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/07/15 00:31, Geoff Down wrote:
On Sun, Jul 5, 2015, at 02:26 PM, Karsten Loesing wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/07/15 14:20, teor wrote:
On 5 Jul 2015, at 19:37 , Karsten Loesing karsten@torproject.org wrote:
Actually, how about we use the same definition as for the Exit flag?
Even if a relay without the Exit flag could have possibly been used as an exit, the probability for clients to choose it is quite low.
Is that probability the same for a malicious actor though (who may have set up the relay themselves)?
A malicious actor could modify their torrc to use any relay as exit as long as that relay permits at least the address and port they want to exit to, regardless of whether that relay has the Exit flag or not.
A malicious and stupid actor would set up a non-exit relay, ssh into the box, exit somewhere, and later point to ExoneraTor saying that there was no way for anyone to exit via that relay.
A malicious and slightly smarter actor would set up an exit relay permitting just the minimum number of ports and (mostly unused) address ranges to obtain the Exit flag, configure their firewall to block just those ports and addresses, and then exit via that relay themselves.
Anyway, I guess what I'm trying to say is that this is not an exact science and there's no clearly right way to say that a relay is an exit or not. We should pick a definition that's plausible to mere mortals, and that could be:
a) whether the relay has the Exit flag, b) whether the relay permitted exiting to "web ports" 80 or 443, c) whether the relay permitted exiting to any port at all, etc.
I think a) is better than b). But do you think c) would be even better than that?
All the best, Karsten