Interesting how the flag works. I think it should be just at least one port with access to one IP address. Also can you really get banned from Gmail? I access my accounts from normal inet, VPN, and Tor depending on what I'm doing... For example I have some emails I only access via Tor...
Sent from my Android so do not expect a fast, long, or perfect response...

On Sep 9, 2013 3:46 PM, "Roger Dingledine" <a...@mit.edu> wrote:
> On Mon, Sep 09, 2013 at 07:25:06PM +0000, tagnaq wrote:
> > I'd like to understand why the exit flag is defined as it is.
> >
> > The current definition can be found in the directory spec [1]:
> >
> > "
> > "Exit" -- A router is called an 'Exit' iff it allows exits to at
> > least two of the ports 80, 443, and 6667 and allows exits to at
> > least one /8 address space.
> > "
>
> The Exit flag used to not matter at all.
>
> Now it matters because clients use it for load balancing. (If you have
> the Exit flag then it's likely that other clients are using you as their
> exit, so we should avoid using you for non-exit positions in our path.)
>
> > I assume the exit flag was meant to be used by tor clients only [2]
> > because destination port 80/443 are probably amongst the most
> > frequently accessed services, but was then (mis)used to generate
> > (inaccurate) 'Tor exit IP address lists' (?).
>
> Does anybody actually do that?
>
> My experience is that people make a list of all Tor relays at all, and
> think of all of them as exiting anywhere, because they've never heard
> of exit policies at all.
>
> > This means that there is no way to tell if a relay actually allows
> > exiting (any) traffic simply by looking at relay flags. To actually
> > tell you would have to parse exit policies.
>
> Correct. Consensus flags aren't meant for that.
>
> > Which one of the following proposals would be more likely to be
> > accepted by the Tor Project (if any at all):
> >
> > - change the definition of the 'exit' flag to include all nodes that
> > allow *any* exiting traffic.
>
> This one is a poor idea, since it will ruin the load balancing which
> is the only thing it's used for.
>
> > - introduce a new flag that is set on all relays allowing *any* exit
> > traffic (leaving the current definition of the 'exit' flag unchanged)
>
> I guess we could do that. But I think it would be a burden on the network,
> to say something that doesn't matter in any way and have every client
> download it every few hours.
>
> > As an alternative, better tools to create 'tor exit lists' as
> > suggested in [4] and [5], might also do the job. Is someone aware of a
> > tool that implements something like that already?
>
> You don't like https://check.torproject.org/cgi-bin/TorBulkExitList.py ?
>
> --Roger
>
> > Something along the lines of:
> >
> > ./get-tor-exits [relay-IP] target-service-IP[/mask][:port],...
> >
> > output: boolean if relay-IP is given,
> > if no relay IP was given: print a list of all relay IP addresses that
> > would allow accessing (any) service in the target IP (range).
>
> https://www.torproject.org/tordnsel/exitlist-spec.txt
>
> This is up and running now (exitlist.torproject.org answers these dns
> queries), but unmaintained.
>
> See also
> https://trac.torproject.org/projects/tor/ticket/9204
> and
> https://trac.torproject.org/projects/tor/ticket/9529
>
> --Roger
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
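
The distinction discussed in this thread (holding the Exit flag versus allowing any exit traffic at all), as an added example that is not part of the original messages and is not Tor's own code. It is a simplified, IPv4-only reading of the quoted definition: a port counts when one contiguous block of at least a /8 is accepted, address space that no rule matches is treated as rejected, and all function names and sample policies are hypothetical.

```python
import ipaddress

EVERYTHING = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample policies, not taken from real relays.
WEB = "accept *:80\naccept *:443\nreject *:*"
SSH_ONLY = "accept *:22\nreject *:*"

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines (IPv4, '*' wildcards)."""
    rules = []
    for line in text.strip().splitlines():
        action, pattern = line.split()
        addr, _, ports = pattern.rpartition(":")
        net = EVERYTHING if addr == "*" else ipaddress.ip_network(addr, strict=False)
        lo, _, hi = ("1-65535" if ports == "*" else ports).partition("-")
        rules.append((action == "accept", net, int(lo), int(hi or lo)))
    return rules

def allowed_networks(rules, port):
    """Networks reachable on `port`; the first matching rule decides."""
    undecided, allowed = [EVERYTHING], []
    for accept, net, lo, hi in rules:
        if not lo <= port <= hi:
            continue
        still_undecided = []
        for block in undecided:
            if block.subnet_of(net):        # rule covers the whole block
                allowed += [block] if accept else []
            elif net.subnet_of(block):      # rule carves a piece out of the block
                allowed += [net] if accept else []
                still_undecided += block.address_exclude(net)
            else:                           # disjoint: rule does not apply here
                still_undecided.append(block)
        undecided = still_undecided
    return allowed  # assumption: space no rule matched is treated as rejected

def has_exit_flag(rules):
    """Quoted definition: two of 80/443/6667, each open to at least one /8."""
    return sum(any(n.prefixlen <= 8 for n in allowed_networks(rules, p))
               for p in (80, 443, 6667)) >= 2

def allows_any_exit(rules):
    """True if any address:port is accepted, which the flag alone cannot tell."""
    boundaries = {1} | {b for _, _, lo, hi in rules for b in (lo, hi + 1) if b <= 65535}
    return any(allowed_networks(rules, p) for p in boundaries)

def classify(text):  # -> (would get the Exit flag, allows any exit at all)
    rules = parse_policy(text)
    return has_exit_flag(rules), allows_any_exit(rules)
```

`classify(SSH_ONLY)` is the case raised in the thread: the relay carries exit traffic but would not hold the Exit flag, so a list built from flags alone misses it.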