[tor-bugs] #4923 [Tor Directory Authority]: badexiting (or rejecting) relays from certain bad countries by default

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Apr 19 21:20:22 UTC 2012 

#4923: badexiting (or rejecting) relays from certain bad countries by default
-------------------------------------+--------------------------------------
 Reporter:  arma                     |          Owner:                  
     Type:  enhancement              |         Status:  new             
 Priority:  normal                   |      Milestone:  Tor: unspecified
Component:  Tor Directory Authority  |        Version:                  
 Keywords:                           |         Parent:                  
   Points:                           |   Actualpoints:                  
-------------------------------------+--------------------------------------

Comment(by nickm):

 I think that there is a level of bad-ISP quality that should be sufficient
 to BadExit all nodes at that ISP.  For instance, if an ISP routinely
 MITM'd all the traffic leaving it, and you couldn't turn it off, and we
 couldn't work around it, that would seem like sufficient reason to badexit
 the ISP to me.  I don't see a reason to take a different position about
 nations that go into the shitty-ISP business.

 That said, we must be clear that this is only something we do in response
 to bad network behaviors, not to other judgments about countries.

 To be clear, I don't have the information about which countries have risen
 to the level of "You can't run a good exit there even if you want to."

 More discussion and wider discussion is always warranted.  If you agree
 with badexiting syria and iran, it might be smart to think about what it
 would take for us to BadExit {us} or {de}.  If you don't agree with
 badexiting syria or iran, you might want to ask yourself whether there's
 *anything* that an ISP or a country could to its network that would make
 using all exits there a bad idea.  Like, MITMing ssl certs?  Malware
 injection?

 (With my solve-all-problems-through-tech hat on: I think it's not a bad
 thing to have directory authorities disagree with each other.  I really
 want to implement the proposals in 0.2.4 that would allow authorities to
 vote on specific instances of flags without having to take a stand on
 every router having that flag.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4923#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list