[tor-relays-universities] Tor on Campus

Roger Dingledine arma at mit.edu
Sat Sep 20 14:57:38 UTC 2014


On Sat, Sep 20, 2014 at 04:57:05AM -0400, Ian Goldberg wrote:
> The main sticking point when switching from a middle to an exit node was
> in obtaining a non-university IP address, since apparently journal
> publishers just whitelist the university's IP block for subscription
> purposes, and we wouldn't want people coming out of our exit node to get
> access to those subscriptions.  (Worse, no one at the university had a
> list of those subscriptions that we could just block with an exit
> policy. YMMV.)

There are two technical issues in Tor that make it hard to just pop
in a list, even if you can manage to get one.

First, if your list is many thousands of lines, like the one that the
EecsUmichExit1 tried to use, then we'll end up with log lines at the
directory authorities like

Aug 27 21:22:10.365 [notice] Somebody attempted to publish a router
descriptor 'EecsUmichExit1' (source: 141.212.108.13) with size 94389.
Either this is an attack, or the MAX_DESCRIPTOR_UPLOAD_SIZE (20000)
constant is too low.

and then the relay will go unused.

Second, with the move to microdescriptors, clients only get a "summary"
exit policy -- it lists ports but not addresses. So if you allow
exiting to port 80 but actually secretly you don't allow a lot of common
destinations, then clients won't be able to predict which ones you'll
refuse. Things will still work, meaning the client will ask you to exit to
that destination, you'll send back an end cell with reason exitpolicy, and
they'll try a different exit. But it will still slow things down for them.

So in summary, it is much better to put your exit relay on an IP
address that isn't implicitly trusted by a bunch of places you don't
want trust from.

--Roger
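An added illustration of the two problems Roger describes (not part of the thread and not Tor's own code): it measures how many bytes an address-based reject list adds to a descriptor against the MAX_DESCRIPTOR_UPLOAD_SIZE constant from the quoted log line, and it reduces a full exit policy to the ports-only summary clients see through microdescriptors, which hides per-address rejects. The summarization cutoff REJECT_CUTOFF_COUNT, the helper names and the address blocks are assumptions made for the example; Tor's real summarizer has its own rules.

```python
import ipaddress

# Constant named in the directory-authority log line quoted in the thread.
MAX_DESCRIPTOR_UPLOAD_SIZE = 20000
# Assumption (not from the page): a port counts as "accepted" in the ports-only
# summary unless the full policy rejects it for at least this many IPv4 addresses.
REJECT_CUTOFF_COUNT = 1 << 25
ALL_V4 = ipaddress.ip_network("0.0.0.0/0")


def parse_policy(lines):
    """Parse 'accept|reject ADDR[/PREFIX]:PORT|LO-HI|*' lines (IPv4 only, first match wins)."""
    rules = []
    for line in lines:
        action, target = line.split()
        addr, port = target.rsplit(":", 1)
        net = ALL_V4 if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        elif "-" in port:
            lo, hi = (int(p) for p in port.split("-"))
        else:
            lo = hi = int(port)
        rules.append((action, net, lo, hi))
    return rules


def _covered(nets):
    """Number of distinct addresses in a list of (possibly overlapping) networks."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def rejected_addresses(rules, port):
    """Count IPv4 addresses whose first matching rule rejects `port`."""
    decided, covered, rejected = [], 0, 0
    for action, net, lo, hi in rules:
        if not lo <= port <= hi:
            continue
        new_covered = _covered(decided + [net])
        if action == "reject":
            rejected += new_covered - covered  # only addresses not decided by an earlier rule
        decided.append(net)
        covered = new_covered
        if covered == ALL_V4.num_addresses:
            break
    return rejected


def summarize_ports(rules):
    """Reduce a full policy to the ports-only form clients get from microdescriptors.

    Every port between two rule boundaries shares one decision, so only the
    boundary ports need to be evaluated.
    """
    boundaries = sorted({1, 65536} | {b for _, _, lo, hi in rules for b in (lo, hi + 1)})
    accepted = []
    for start, end in zip(boundaries, boundaries[1:]):
        if rejected_addresses(rules, start) < REJECT_CUTOFF_COUNT:
            if accepted and accepted[-1][1] == start - 1:
                accepted[-1][1] = end - 1  # extend a contiguous accepted range
            else:
                accepted.append([start, end - 1])
    if not accepted:
        return "reject 1-65535"
    return "accept " + ",".join(f"{a}-{b}" if a != b else str(a) for a, b in accepted)


def build_policy(reject_nets, accept_ports):
    """Reject whole blocks on every port, allow the listed ports elsewhere, drop the rest.

    Adjacent blocks are merged first so the list costs as few lines as possible.
    """
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in reject_nets)
    lines = [f"reject {n}:*" for n in nets]
    lines += [f"accept *:{p}" for p in accept_ports]
    lines.append("reject *:*")
    return lines


def policy_bytes(lines):
    """Bytes the policy lines alone add to the descriptor (a lower bound on its size)."""
    return sum(len(line) + 1 for line in lines)


if __name__ == "__main__":
    # Constructed example: two publisher blocks (documentation ranges) kept off the exit.
    campus = build_policy(["198.51.100.0/24", "203.0.113.0/24"], [80, 443])
    print("\n".join(campus))
    print("policy bytes:", policy_bytes(campus), "limit:", MAX_DESCRIPTOR_UPLOAD_SIZE)
    print("summary clients see:", summarize_ports(parse_policy(campus)))
    # A multi-thousand-line list of scattered /24s, as in the quoted log message,
    # blows through the upload limit before the rest of the descriptor is counted.
    scattered = [f"10.{i >> 7}.{(i & 127) * 2}.0/24" for i in range(4000)]
    print("4000-line policy bytes:", policy_bytes(build_policy(scattered, [80, 443])))
```

The summary for the campus policy comes out as `accept 80,443` even though two whole /24s are refused on those ports, which is exactly why a client cannot predict the `end` cell with reason `exitpolicy` that Roger mentions; and the scattered list alone is several times larger than the 20000-byte limit.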
