Is "gatereloaded" a Bad Exit?

Mike Perry mikeperry at fscked.org
Mon Jan 31 23:41:35 UTC 2011


Thus spake Curious Kid (letsshareinformation at yahoo.com):

> ----- Original Message ----
> 
> > From: Gregory Maxwell <gmaxwell at gmail.com>
> > To: or-talk at freehaven.net
> > Sent: Mon, January 31, 2011 6:47:37 PM
> > Subject: Re: Is "gatereloaded" a Bad Exit?
> > 
> > There are legitimate reasons why tor supports an  operator controlled
> > exit policy,  but no real suggestion has been made  for a _legitimate_
> > reason to allow 80 and block 443.
> 
> Is it possible that some people operate in a port-restricted environment or that 
> port 443 is throttled by some ISPs?

These people should not be Tor nodes. A good portion of the public
network is on port 443. If you can't reach that port, lots of circuits
clients try to build through you will fail. Failed circuits have a
negative impact on latency, esp if they were not pre-launched
predicted circuits. Byzantine circuit failures also make it difficult
to differentiate between overloaded, CPU-bound nodes, malicious nodes,
and just plain janky nodes - all of which we would like to
be able to take into account for future load balancing decisions.
Ex: https://trac.torproject.org/projects/tor/ticket/1984

> My real question concerns the scenario in which a user happens upon
> an exit that blocks HTTPS and uses that exit to access a website
> that uses a combination of HTTP and HTTPS. The HTTPS portion would
> be forced through a different exit, and the server may be programmed
> to notice the difference and break by design.
>
> For example, say you want to login somewhere, and the server notes
> that you appear to be logging in from France. The HTTPS portion
> appears to come from the United States. That disparity triggers an
> "I'm sorry..." message.

This is an excellent point, and yet another reason why we should not
allow asinine exit policies unless there is good reason for them. So
far there is still no rational reason posted why you should allow 80
and not 443 and still be considered a desirable Tor node to use. Just
a lot of handwaving about the freedom to be a jerk, and fears over
shunning volunteers who run fast exits to grab passwords. 

Moreover, I strongly believe that we should be working on converging
our choices of exit policy down to fewer options for many practical
engineering and usability reasons. Exit policies already take up an
absurd amount of capacity in terms of descriptor and even
networkstatus storage. If we can standardize on a group or groups of
ports (such as the Vidalia GUI attempts to do), we can describe sane
exit policies using much fewer bytes. And we can load balance more
intelligently among exits with standard policies, as I mentioned
before.

So to me, there are plenty of reasons to do this, and not a whole lot
of reasons not to do it, other than handwavy notions that "it
shouldn't matter", when in fact as you have pointed out, it does
matter.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110131/c8f65076/attachment.pgp>


More information about the tor-talk mailing list