[tor-relays] exit policy to reflect country-wide ban

Pascal Pascal666 at Users.SourceForge.Net
Thu Dec 4 18:16:49 UTC 2014


Microdescriptors (Tor >0.2.3.x) broke the inclusion of specific IPs in 
exit policies (exit enclaving).  Did they break the exclusion of 
specific IPs in exit policies as well?

Russia is not the only country to implement this type of ban.  Is there 
a safe way to generalize and centralize this?  E.g. if a directory 
authority detects an exit relay is in a location known to block access 
to/MITM specific IPs/ports it automatically updates the exit policy for 
that node in the directory to exclude them.

-Pascal


On 12/4/2014 8:55 AM, Vladimir Ivanov wrote:
> hi.
>
> Recently, github was blocked in Russia (see discussion here: https://news.ycombinator.com/item?id=8692584). The ban is executed by all major ISPs (complying with this regulation is necessary to keep the telecom license, so no ISP risks disobeying). This means that if your exit node happens to be in Russia, you're out of luck when you try to connect to github.
>
> Some suggest marking exit nodes in Russia as bad exits because connecting via them leads to various problems (like the node provider doing MitM on all github https connections). Here is an example: https://twitter.com/wiretapped/status/539934125293961216
>
> I think if Russian exit operators implemented a reduced policy rejecting github, that would be a better solution: they're still useful for all other sites and a client would access github using a Tor exit elsewhere.
>
> Am I missing something here? Are there any disadvantages to this?
>
> More generally, if the network a particular exit node is connected to blocks some IP addresses, is it wise to reflect those changes in the node's ExitPolicy?
>
> BR,
> Vladimir
>
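
The reduced exit policy suggested in the quoted message, as an added example that is not part of the original thread: it turns a list of upstream-blocked destinations into `ExitPolicy reject` lines placed ahead of the relay's other rules, then checks the result with first-match evaluation. The addresses are constructed documentation ranges (not GitHub's), the base policy is an assumption, all function names are hypothetical, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample: RFC 5737 documentation ranges standing in for the
# destinations the relay's upstream network blocks or intercepts.
BLOCKED = ["192.0.2.0/25", "192.0.2.128/25", "192.0.2.16/28", "198.51.100.7"]

# Assumed remainder of the operator's policy (not from the thread).
BASE_POLICY = ["accept *:80", "accept *:443", "reject *:*"]


def reject_rules(blocked):
    """Merge overlapping and adjacent ranges, then emit one reject rule each."""
    nets = [ipaddress.ip_network(b, strict=False) for b in blocked]
    rules = []
    for net in ipaddress.collapse_addresses(nets):
        host = str(net.network_address) if net.prefixlen == 32 else str(net)
        rules.append(f"reject {host}:*")
    return rules


def build_policy(blocked, base):
    """Rejects go first: exit policies are evaluated first match wins."""
    return reject_rules(blocked) + list(base)


def decide(policy, addr, port):
    """Return the action of the first rule matching addr:port."""
    ip = ipaddress.ip_address(addr)
    for rule in policy:
        action, pattern = rule.split()
        host, _, ports = pattern.rpartition(":")
        if host != "*" and ip not in ipaddress.ip_network(host, strict=False):
            continue
        if ports != "*":
            lo, _, hi = ports.partition("-")
            if not int(lo) <= port <= int(hi or lo):
                continue
        return action
    return "reject"  # simplification: this helper refuses anything unmatched


def torrc_lines(policy):
    """Format the rules as torrc ExitPolicy lines, preserving order."""
    return [f"ExitPolicy {rule}" for rule in policy]


if __name__ == "__main__":
    print("\n".join(torrc_lines(build_policy(BLOCKED, BASE_POLICY))))
```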

