Protecting exit-nodes by GeoIP based policy

Enrico Scholz enrico.scholz at informatik.tu-chemnitz.de
Sun Sep 10 23:48:50 UTC 2006


arrakistor at gmail.com (Arrakistor) writes:

> What kind of policy did you have in mind in which the exit nodes would
> detect and base a decision on?

GeoIP (http://www.maxmind.com/app/c) is a candidate but I am not sure
about licensing.

Blocking/allowing a connection would be signaled in a similar way as
for the current 'ExitPolicy'.


> From what I see, the only policy would be "determine if destination
> address is in same jurisdiction as tor server, if so, deny, else ok."

Yes; basically that's my idea. But I would increase configurability;
e.g. allow defining the jurisdiction (e.g. when having my tor server
somewhere in the Caribbean, I would count the Caribbean and Germany as my
jurisdiction; ditto for things like Germany alone or the whole of Europe).

You will have to add rules for hosts not covered by the GeoIP database
too (either allow them, or forbid them).


> This doesn't sound like a bad idea, and I guess it could be client or
> server implemented.

Doing it voluntarily on the client would be step 1 and can be done
immediately after implementing the feature.

Enforcing it on the server would be step 2 and needs some time, because
every client would have to know how to interpret the new exit policy.



Enrico
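
The policy discussed in this message, sketched as an added example (not code from the post or from Tor): a destination is rejected when its country falls inside a configurable jurisdiction set, with an explicit rule for hosts the database does not cover. The lookup table, the class name `GeoExitPolicy` and its parameters are assumptions; the table is constructed from documentation address ranges with invented country assignments.

```python
import ipaddress

# Constructed stand-in for a GeoIP database: (network, ISO country code).
# Documentation ranges only; the country assignments are invented.
SAMPLE_GEOIP = [
    (ipaddress.ip_network("192.0.2.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.0/25"), "FR"),
    (ipaddress.ip_network("2001:db8:1::/48"), "DE"),
]


def lookup_country(addr, table=SAMPLE_GEOIP):
    """Return the country of the most specific matching network, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, country in table:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, country)
    return best[1] if best else None


class GeoExitPolicy:
    """Hypothetical jurisdiction-based exit decision (names are assumptions)."""

    def __init__(self, jurisdiction, unknown="reject", table=SAMPLE_GEOIP):
        if unknown not in ("accept", "reject"):
            raise ValueError("unknown must be 'accept' or 'reject'")
        # Operator-defined jurisdiction: one country or several.
        self.jurisdiction = {c.upper() for c in jurisdiction}
        # Rule for destinations the database does not cover.
        self.unknown = unknown
        self.table = table

    def decide(self, dest):
        country = lookup_country(dest, self.table)
        if country is None:
            return self.unknown
        return "reject" if country in self.jurisdiction else "accept"


if __name__ == "__main__":
    policy = GeoExitPolicy({"DE", "FR"}, unknown="reject")
    for dest in ("192.0.2.10", "198.51.100.7", "203.0.113.200"):
        print(dest, lookup_country(dest), policy.decide(dest))
```
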