[tor-relays] new relays

Andy Isaacson adi at hexapodia.org
Wed Aug 28 02:34:13 UTC 2013


On Tue, Aug 27, 2013 at 11:08:34AM -0500, Jon Gardner wrote:
> Then why have exit policies? Exit nodes regularly block "unwelcome"
> traffic like bittorrent, and there's only a slight functional
> difference between that and using a filter in front of the node to
> block things like porn

The exit policy is a public statement to the Tor network by the exit
node about what traffic it is willing to transport.  Users who wish to
use a particular TCP port can consult the consensus and find an exit
node which meets their needs.

By contrast, a porn blacklist would presumably prevent particular HTTP
requests from being satisfied, based on analysis of the contents of the
requests.  In other words, the pornfiltering-exit-node offered to
transport port 80, but then reneged on the offer when it looked inside
the box and didn't like what it found.

If only there were a separate TCP port for HTTP-with-Porn and all the
pornographers used it, then an exit policy for "HTTP-without-porn" would
be possible.  But alas, we don't even have vague agreement on what
constitutes porn, much less a social contract requiring all
pornographers to segregate their traffic for our convenience.

RFC6969, Pornographic HTTP.  #ideasforapril1

Consider http://www.ietf.org/rfc/rfc3514.txt --

   Firewalls, packet filters, intrusion detection systems, and
   the like often have difficulty distinguishing between packets that
   have malicious intent and those that are merely unusual.  The problem
   is that making such determinations is hard.  To solve this problem,
   we define a security flag, known as the "evil" bit, in the IPv4
   header.  Benign packets have this bit set to 0; those that
   are used for an attack will have the bit set to 1.

-andy
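
The port-level matching described in the message above, as an added example that is not part of the original post: a client reads each relay's published exit policy summary and picks exits that accept the port it needs. The sample lines are constructed and simplified (real consensus "r" lines carry more fields), and the relay nicknames and function names are hypothetical.

```python
# Constructed sample: "r" (relay) and "p" (exit policy summary) lines in the
# style of a Tor network-status consensus. Nicknames and ports are invented.
SAMPLE_CONSENSUS = """\
r relayAlpha
p accept 80,443
r relayBravo
p reject 25,119,135-139,6881-6999
r relayCharlie
p reject 1-65535
r relayDelta
p accept 20-23,43,53,79-81,443
"""

def parse_ports(portlist):
    """Turn '80,443,6660-6667' into a list of inclusive (lo, hi) ranges."""
    ranges = []
    for item in portlist.split(","):
        lo, _, hi = item.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def parse_summaries(text):
    """Map nickname -> (keyword, ranges) from consecutive 'r' / 'p' lines."""
    policies, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and len(fields) >= 2:
            current = fields[1]
        elif fields[0] == "p" and current is not None:
            if len(fields) != 3 or fields[1] not in ("accept", "reject"):
                raise ValueError("malformed policy line: " + line)
            policies[current] = (fields[1], parse_ports(fields[2]))
    return policies

def allows(policy, port):
    """A summary names ports only; nothing in it can describe content."""
    keyword, ranges = policy
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if keyword == "accept" else not listed

def exits_for_port(text, port):
    """Nicknames of relays whose published summary permits this TCP port."""
    policies = parse_summaries(text)
    return sorted(name for name, pol in policies.items() if allows(pol, port))

if __name__ == "__main__":
    for port in (80, 22, 6881):
        print(port, exits_for_port(SAMPLE_CONSENSUS, port))
```

Every decision here is made by the client before a circuit is built, from data all clients can see; a filter applied to request contents at the exit has no equivalent entry in this format.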

