path selection despite exit policies

Paul Syverson syverson at
Mon Apr 7 18:58:28 UTC 2003

Before I could respond, I ended up talking to Roger on the phone and
deciding most of my responses were all mooted before I could type
them. I agree with everything that Roger and Nick said in the last few
messages.  I think in general we should try to as much as possible do
one job well. Keep the code base, smaller, cleaner, more focused, etc.
So if you want secure DNS, get it elsewhere, we'll just build you the
anonymous pipe to your trusted location, whose IP address you should
have obtained otherwise.

I also think we could get most of the job done in the directory
servers. The exit policy is IP based, but the policy for choosing IP
addresses is probably set by people who have reasons more closely tied
to the what the domain name is for. Thus, we can have useful domain
names in the directory servers for accepted or prohibited address
ranges wrt exit nodes. This won't rule out all exit policy clashes
with connection attempts, but probably most. Especially if the
policies are kept relatively simple.

I agree that this should be lower priority however.


More information about the tor-dev mailing list