List:       tor-dev
Subject:    Re: [tor-dev] Proposal 205: Remove global client-side DNS caching
From:       Nick Mathewson <nickm () alum ! mit ! edu>
Date:       2012-12-19 1:05:08
Message-ID: CAKDKvuy5219LsSpckX_WvsHDr-vwGJmtZ=nPJ=YrJoCBi29Kkg () mail ! gmail ! com
On Tue, Dec 18, 2012 at 6:42 PM, Roger Dingledine <arma@mit.edu> wrote:
> On Thu, Nov 29, 2012 at 06:14:23PM +0000, Julian Yon wrote:
>> (3) Don't bother trying to ascertain the full exit policy, but rather
>> maintain a simple table of exit/IP/port combinations that have been
>> rejected and consult it when building/using circuits. This requires no
>> protocol changes (win!) at the cost of no longer blacklisting dishonest
>> exits entirely. Some mechanism for expiring entries would probably be a
>> good idea, and/or maybe hold it in a circular list so that there's a
>> maximum number.
>
> I had this same thought while rereading my earlier message: just prepend
> a reject rule for this ip:port to our local version of the relay's
> exit policy.
>
> It does let the exit "tag" you with an IP:port combo that you'll never
> come back to it with. But that seems a small risk compared to the risk
> of an exit relay with a complex enough policy that it causes clients to
> spend two circuits for fetching each component of web pages.

Good idea!  I've added it to
https://trac.torproject.org/projects/tor/ticket/7582

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
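The client-side reject table sketched in this thread (Julian's bounded, expiring table of exit/IP/port combinations, plus Roger's variant of prepending a reject rule to the local copy of the relay's exit policy), written out here as an added illustration; this is not Tor's code, and the exit identifiers, addresses, TTL and size cap are constructed.

```python
"""Local table of (exit, ip, port) combinations an exit has refused."""
from collections import OrderedDict
import time


class RejectedExitTable:
    """Remember exit/IP/port combos that were rejected, with expiry and a cap.

    Entries expire after `ttl` seconds and the table never holds more than
    `max_entries`; when full, the oldest entry is evicted (a bounded circular
    list). Both limits also bound how long an exit's "tag" on this client lives.
    """

    def __init__(self, max_entries=1024, ttl=3600.0, clock=time.monotonic):
        self.max_entries = max_entries
        self.ttl = ttl
        self._clock = clock
        self._entries = OrderedDict()  # (exit_id, ip, port) -> expiry time

    def _prune(self):
        now = self._clock()
        # Constant TTL + insertion order means expired entries sit at the front.
        while self._entries:
            _key, expiry = next(iter(self._entries.items()))
            if expiry > now:
                break
            self._entries.popitem(last=False)

    def record_reject(self, exit_id, ip, port):
        """Called when `exit_id` refused a stream to ip:port."""
        key = (exit_id, ip, port)
        self._entries.pop(key, None)  # move to the back if already present
        self._entries[key] = self._clock() + self.ttl
        if len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict oldest to honour the cap

    def is_rejected(self, exit_id, ip, port):
        """Consulted when choosing an exit for ip:port during circuit selection."""
        self._prune()
        return (exit_id, ip, port) in self._entries

    def effective_policy(self, exit_id, relay_policy):
        """Roger's variant: local reject rules prepended to the relay's policy."""
        self._prune()
        local = [f"reject {ip}:{port}" for (e, ip, port) in self._entries if e == exit_id]
        return local + list(relay_policy)


def pick_exit(table, candidates, ip, port):
    """Return the first candidate exit not locally marked as rejecting ip:port."""
    for exit_id in candidates:
        if not table.is_rejected(exit_id, ip, port):
            return exit_id
    return None
```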