Relay Operators meetup

Open items which were mentioned at day 1

  • Make Tor exit policy AS aware
  • How to improve AS/country diversity
    • Answer the question what are good ISPs
    • have someone who actievly asks ISPs
    • moritz has some templates
  • How can we improve to allow
    • only exiting to specific destination networks
    • block countries
  • enable country/GeopIP based exit policy
  • Tor should pick exit nodes based exit policies to allow for better exit policies
  • Limited liability/abuse generating Tor exit
  • Traffic mangling/intrusion detection on exits: NO!
  • prevent non-encrypted Tor exit traffic from exit policy
    • you have to detect if enc or not
    • port based, but doesn't work
    • client should decide based on exit policy what is allowed and what not
  • put a bandwidth limit on exits
    • don't have more than n% on exit bandwidth
    • look more at organisations than single exits
    • maybe look at ASes
  • opt-in honeybadger (detect QUANTUM INSERT)
    • relay operator are watching traffic
    • "everyone" is watching traffic, but not watching
    • there is no obvious no for this 
    • first do some limited testing
    • send a mail to tor-relays@ and explain how to run it
    • caveat: should not track end-IP
    • we need to figure out how this software works, encourage people to play with it
  • Bad exit scanning, how does it work and what do we check for?
    • TBD

Should we have a small numbers of trusted organisations which run exits or a wide range of anyone?

More concerned with quality than quantity.

Last modified 4 years ago Last modified on Mar 18, 2016, 11:49:54 PM