TOR on Academic networks (problem)
Watson Ladd
watsonbladd at gmail.com
Wed May 17 00:57:59 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 16, 2006, at 8:47 PM, Joseph Lorenzo Hall wrote:
> On 5/16/06, Watson Ladd <watsonbladd at gmail.com> wrote:
>> The correct way is to put the IP's in a deny list in the config file.
>
> This is not an option... I estimated using Netcraft's SearchDNS and
> the regexs that Berkeley uses for their library proxy that this would
> be an exit policy *on the order of* 10,000 entries long.
10,000 IP addresses, or domain names? We only need to block the
webservers.
btw, how does the library proxy handle this much? I think tor can do
regex matching on the ip/hosts.
> As Roger has made clear elsewhere, the current directory protocol
> won't scale well with exit policies of this length (or really in
> general) and it would be better for the network for these nodes to
> operate a middleman node instead. This is why a few of us on dorky
> academic networks are trying to find other solutions. best, Joe
I think the best thing is to use a nice tree for all directory
lookups. Something tells me tor uses a slow linear search through the
file if it's not scaling O(lg n).
> --
> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information
> <http://josephhall.org/>
Sincerely,
Watson Ladd
- ---
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
- -- Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iD8DBQFEanUXGV+aWVfIlEMRAlu4AKCExfVMpSQpM/54cLy6J7Nj0GlrYgCgoCDo
zri/ndbMuXrMV4zusSTTLc0=
=dVsU
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list