Re: Scroogle and Tor
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Scroogle and Tor
- From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
- Date: Sun, 13 Feb 2011 21:42:48 -0500
- In-reply-to: <20110213213425.5bfe8670@kilik>
- References: <5321.216.60.71.104.1297624196.squirrel@xxxxxxxxxxx> <20110213213425.5bfe8670@kilik>
On Sun, Feb 13, 2011 at 9:34 PM, Andrew Lewman <andrew@xxxxxxxxxxxxxx> wrote:
> I've talked to a few services that do one of the following:
>
> - Run a Tor exit enclave, which would only allow exit through Tor to
>   your webservers. There are a few services that run a tor client and
>   simply block every IP in the consensus, except their exit enclave.
[snip]
This one can be kind of lame, because some requests to an enclaved
host (in particular, the first one always) will hit some random exit.
Depending on how you do the blocking this can give unexpected results.
It would be nice if there were some roadmap to fixing this, since it
really diminishes the usefulness of enclaves as a mechanism for
reducing problems due to misbehaving exits. Likewise, the extra hop
probably washes out a lot of the benefit of an enclave as a
performance enhancement (though not as much as a hidden service).
It can also be tricky to run an enclave when you use DNS load-balancing
(especially with multiple datacenters): You must have an 'apparent'
Tor node on every IP that your DNS returns.
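An added example, not part of the original message or of Tor's own code: a Python check for the setup discussed above, which builds the "block every consensus IP except our enclave" list and flags load-balanced service addresses that have no apparent Tor node. The consensus excerpt, the addresses (documentation ranges) and the function names `relay_ips` and `enclave_plan` are constructed for illustration; it assumes the v3 network-status `r` line layout.

```python
import ipaddress

# Constructed sample using the v3 network-status "r" line layout:
# r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
# Addresses are documentation ranges (RFC 5737), not real relays.
CONSENSUS = """\
r relayA AAAA BBBB 2011-02-13 20:00:00 192.0.2.10 9001 0
s Exit Fast Running Valid
r siteEnclave1 CCCC DDDD 2011-02-13 20:00:00 198.51.100.5 9001 0
s Exit Running Valid
r relayB EEEE FFFF 2011-02-13 20:00:00 203.0.113.7 443 80
s Fast Running Valid
"""

# Constructed: every address the service's DNS hands out (two datacenters).
# In practice this list would come from resolving the hostname from several
# vantage points, since load-balanced DNS may answer differently per resolver.
SERVICE_IPS = ["198.51.100.5", "198.51.100.6"]


def relay_ips(consensus_text):
    """Return the set of relay addresses found on 'r' lines."""
    ips = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) >= 9 and fields[0] == "r":
            try:
                ips.add(ipaddress.ip_address(fields[6]))
            except ValueError:
                continue  # ignore a malformed address instead of aborting
    return ips


def enclave_plan(consensus_text, service_ips):
    """Return (blocklist, uncovered) as sorted lists of address strings.

    blocklist: consensus relays that are not one of our own service IPs.
    uncovered: service IPs with no relay in the consensus, i.e. addresses
               where clients cannot find an enclave and use a random exit.
    """
    relays = relay_ips(consensus_text)
    service = {ipaddress.ip_address(a) for a in service_ips}
    blocklist = sorted(str(a) for a in relays - service)
    uncovered = sorted(str(a) for a in service - relays)
    return blocklist, uncovered


if __name__ == "__main__":
    print(enclave_plan(CONSENSUS, SERVICE_IPS))
```

A non-empty `uncovered` list means some DNS answers point at an address with no enclave, so Tor traffic to it arrives from the relays on the blocklist.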