On Sun, Feb 13, 2011 at 9:34 PM, Andrew Lewman <and...@torproject.org> wrote:
> I've talked to a few services that do one of the following:
>
> - Run a Tor exit enclave, which would only allow exit through Tor to
>   your webservers. There are a few services that run a tor client and
>   simply block every IP in the consensus, except their exit enclave.
[snip]

This one can be kind of lame, because some requests to an enclaved host (in particular, the first one always) will hit some random exit. Depending on how you do the blocking this can give unexpected results.

It would be nice if there were some roadmap to fixing this, since it really diminishes the usefulness of enclaves as a mechanism for reducing problems due to misbehaving exits. Likewise, the extra hop probably washes out a lot of the benefit of an enclave as a performance enhancement (though not as much as a hidden service).

It can also be tricky to run an enclave when you do DNS load-balancing (especially with multiple datacenters): You must have an 'apparent' Tor node on every IP that your DNS returns.
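
The DNS load-balancing point above can be checked mechanically. The following is an added example, not part of the original message or of Tor's code: it parses consensus-style `r`/`p` lines and lists the DNS-returned addresses that have no relay at that address exiting to the service port. The relay entries, the DNS answers and the function names are constructed, and the port-only `p` summary is used as an approximation of the relay's full exit policy.

```python
import ipaddress

# Constructed sample in the consensus "r"/"p" line format; nicknames, digests
# and addresses (documentation ranges) are made up for this example.
SAMPLE_CONSENSUS = """\
r enclaveA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-02-13 20:00:00 192.0.2.10 9001 0
p accept 80,443
r enclaveB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-02-13 20:00:00 198.51.100.20 9001 0
p reject 1-65535
r otherExit EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2011-02-13 20:00:00 203.0.113.5 443 80
p accept 20-23,80,443
"""
# Constructed A records for the load-balanced service name.
DNS_ANSWERS = ["192.0.2.10", "198.51.100.20", "198.51.100.30"]


def parse_relays(text):
    """Map relay IP -> list of (is_accept, [(lo, hi), ...]) port summaries."""
    relays, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 9 and fields[0] == "r":
            # r nickname identity digest date time IP ORPort DirPort
            current = str(ipaddress.ip_address(fields[6]))
            relays.setdefault(current, [])
        elif len(fields) == 3 and fields[0] == "p" and current:
            ranges = []
            for part in fields[2].split(","):
                lo, _, hi = part.partition("-")
                ranges.append((int(lo), int(hi or lo)))
            relays[current].append((fields[1] == "accept", ranges))
    return relays


def port_allowed(policy, port):
    """Evaluate one accept/reject port summary for a single port."""
    is_accept, ranges = policy
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if is_accept else not listed


def uncovered_ips(dns_ips, relays, port):
    """DNS-returned IPs with no relay at that address that exits to `port`."""
    missing = []
    for ip in dns_ips:
        ip = str(ipaddress.ip_address(ip))
        if not any(port_allowed(p, port) for p in relays.get(ip, [])):
            missing.append(ip)
    return missing


if __name__ == "__main__":
    print(uncovered_ips(DNS_ANSWERS, parse_relays(SAMPLE_CONSENSUS), 443))
```

An empty result means every address the DNS can return has an apparent Tor node for that port; any address listed will be reached through an ordinary exit instead.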