[or-cvs] r10232: Eased up geoip-configuration by introducing a GeoIPConfig-cl (torflow/trunk/TorCtl)

Roger Dingledine arma at mit.edu
Mon May 21 11:32:19 UTC 2007

Hi Johannes,

A few thoughts below:

On Sun, May 20, 2007 at 06:20:15PM -0400, renner at seul.org wrote:
> Author: renner
> Date: 2007-05-20 18:20:09 -0400 (Sun, 20 May 2007)
> New Revision: 10232
> Modified:
>    torflow/trunk/TorCtl/GeoIPSupport.py
>    torflow/trunk/TorCtl/PathSupport.py
> Log:
>   Eased up geoip-configuration by introducing a GeoIPConfig-class and added ExcludeCountriesRestriction
>   to exclude a list of countries from route selection.
> Modified: torflow/trunk/TorCtl/GeoIPSupport.py
> ===================================================================
> --- torflow/trunk/TorCtl/GeoIPSupport.py	2007-05-20 20:16:45 UTC (rev 10231)
> +++ torflow/trunk/TorCtl/GeoIPSupport.py	2007-05-20 22:20:09 UTC (rev 10232)
> +# Class to configure GeoIP-based path building
> +class GeoIPConfig:
> +  def __init__(self, unique_countries, src_country, crossings, excludes):    
> +    # Do not use a country twice in a route
> +    self.unique_countries = unique_countries

Make sure you've looked through the routing-zones paper:

Also, Steven Murdoch has a follow-on paper at this year's PET, pointing
out some other issues with the underlying routing between Tor servers,
but to my knowledge he hasn't posted a draft yet.

More generally, is there a write-up somewhere of what properties we're
aiming to provide, or know we don't provide, etc with respect to this
geolocation stuff?

(It's fine to play around and decide what you want and then write it up
once you have a better intuition of what you want... I'm just asking in
case there is something written up, in which case maybe we should check
it in somewhere. :)

> Modified: torflow/trunk/TorCtl/PathSupport.py
> ===================================================================
> --- torflow/trunk/TorCtl/PathSupport.py	2007-05-20 20:16:45 UTC (rev 10231)
> +++ torflow/trunk/TorCtl/PathSupport.py	2007-05-20 22:20:09 UTC (rev 10232)
>  # Ensure every router to have distinct country
>  class UniqueCountryRestriction(PathRestriction):
>    def r_is_ok(self, path, router):
>      for r in path:
>        if router.country_code == r.country_code:
> +        # Exceptionally allow US because of so many states
> +        if router.country_code == "US": return True	  
>          return False
>      return True

This is an interesting exception. Are you thinking that going through
two difference US states is the same level of jurisdictional arbitrage
as going through two different countries elsewhere? Because in many cases
that's probably not true. We're one big country over here, not a bunch of
different states, despite what you may have read in our constitution. :)

This also brings up the question of how organized various EU countries
are at coordinating and sharing snooping information.

Which leads to the question of what we're actually trying to accomplish
with the UniqueCountryRestriction idea.

Fun stuff,

More information about the tor-dev mailing list