Matt,
Inspired by the options to confirm domain ownership with Google, Could you ask the relay operator to include a randomly generated (by you) token in their contact field? It may take a while to propagate and it requires action on the operator's part, but it's not difficult and I expect it provides the assurance you need.
On 05/03/2015 04:20 PM, Matthew Finkel wrote:
On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote:
On Sun, 3 May 2015, Matthew Finkel wrote:
Or as Robert suggests, just send verification mail to the listed contact address of the relay. If they don't list one on their config, find an alternate verification mechanism like e-mailing whois contacts for the IP or domain name, or refuse the request.
I'd prefer not denying them a t-shirt because they don't want to publish an email address publically, but using whois seems like a stretch and usually ends at the hosting provider instead of the operator.
On Sun, May 03, 2015 at 06:17:20PM -0400, JovianMallard wrote:
Matt,
Inspired by the options to confirm domain ownership with Google, Could you ask the relay operator to include a randomly generated (by you) token in their contact field? It may take a while to propagate and it requires action on the operator's part, but it's not difficult and I expect it provides the assurance you need.
Thanks for the suggestion! I did consider this and other similar methods. The major disadvantage I see with this one is that there will be a historical record of when the operator requested a t-shirt. Maybe this doesn't matter, though. It's probably a better option than some of the others.
tor-relays@lists.torproject.org
-
JovianMallard -
Matthew Finkel