[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Scroogle and Tor



On Sun, Feb 13, 2011 at 9:34 PM, Andrew Lewman <andrew@xxxxxxxxxxxxxx> wrote:
> I've talked to a few services that do one of the following:
>
> - Run a Tor exit enclave, which would only allow exit through Tor to
> Âyour webservers. ÂThere are a few services that run a tor client and
> Âsimply block every IP in the consensus, except their exit enclave.
[snip]

This one can be kind of lame, because some requests to an enclaved
host (in particular, the first one always) will hit some random exit.
Depending how you do the blocking this can give unexpected results.

It would be nice if there were some roadmap to fixing this, since it
really diminishes the usefulness of enclaves as a mechanism for
reducing problems due to misbehaving exits. Likewise, the extra hop
probably washes out a lot of the benefit of an enclave as a
performance enhancement (though not as much as a hidden service).

It can also be tricky to run an enclave when you DNS load-balancing
(especially with multiple datacenters): You must have an 'apparent'
Tor node on every IP that your DNS returns.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/