Scroogle and Tor

Gregory Maxwell gmaxwell at gmail.com
Mon Feb 14 02:42:48 UTC 2011


On Sun, Feb 13, 2011 at 9:34 PM, Andrew Lewman <andrew at torproject.org> wrote:
> I've talked to a few services that do one of the following:
>
> - Run a Tor exit enclave, which would only allow exit through Tor to
>  your webservers.  There are a few services that run a tor client and
>  simply block every IP in the consensus, except their exit enclave.
[snip]

This one can be kind of lame, because some requests to an enclaved
host (in particular, the first one always) will hit some random exit.
Depending on how you do the blocking this can give unexpected results.

It would be nice if there were some roadmap to fixing this, since it
really diminishes the usefulness of enclaves as a mechanism for
reducing problems due to misbehaving exits. Likewise, the extra hop
probably washes out a lot of the benefit of an enclave as a
performance enhancement (though not as much as a hidden service).

It can also be tricky to run an enclave when you use DNS load-balancing
(especially with multiple datacenters): You must have an 'apparent'
Tor node on every IP that your DNS returns.



More information about the tor-talk mailing list
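
An added illustration of the DNS load-balancing point in the message above (not part of the original post and not Tor project code): a check that every IP a service's DNS returns also has a relay listed at that address, plus the resulting block list of all other relay IPs. The consensus excerpt, nicknames, addresses and function names are constructed for the example, and only address presence is checked, not the relay's exit policy.

```python
import ipaddress

# Constructed sample in the consensus router-status layout:
#   r nickname identity digest date time IP ORPort DirPort
#   s <flags>
# Nicknames, identities and addresses are made up (documentation ranges).
SAMPLE_CONSENSUS = """\
r siteEnclave id1 dg1 2011-02-13 20:00:00 192.0.2.10 9001 0
s Fast Running Valid
r someExit id2 dg2 2011-02-13 20:00:00 203.0.113.5 443 80
s Exit Fast Running Valid
r someMiddle id3 dg3 2011-02-13 20:00:00 203.0.113.77 9001 0
s Running Valid
"""

def relay_addresses(consensus_text):
    """Map each relay IP in the consensus text to the set of its flags."""
    relays, current = {}, None
    for line in consensus_text.splitlines():
        parts = line.split()
        if len(parts) >= 9 and parts[0] == "r":
            current = ipaddress.ip_address(parts[6])
            relays.setdefault(current, set())
        elif parts and parts[0] == "s" and current is not None:
            relays[current].update(parts[1:])
    return relays

def enclave_report(dns_ips, consensus_text):
    """Compare the IPs DNS hands out with the relay IPs in the consensus.

    covered   - service IPs that have a relay listed at the same address
    uncovered - service IPs with no relay, so Tor users resolving to them
                arrive through some other exit
    block     - relay IPs to block when only the enclave may connect
    Only address presence is checked; the relay's exit policy is not.
    """
    listed = set(relay_addresses(consensus_text))
    service = {ipaddress.ip_address(ip) for ip in dns_ips}
    as_text = lambda ips: [str(ip) for ip in sorted(ips)]
    return {
        "covered": as_text(service & listed),
        "uncovered": as_text(service - listed),
        "block": as_text(listed - service),
    }

if __name__ == "__main__":
    # Hypothetical DNS answer: two datacenters, only one runs a relay.
    print(enclave_report(["192.0.2.10", "198.51.100.20"], SAMPLE_CONSENSUS))
```

Any address in `uncovered` is one where Tor users would be turned away if the `block` list is enforced there.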