Re: Contacted by oompaloompa operator: BadExit removed
On 16/02/2011 05:10, Mike Perry wrote: I was contacted by the operator of oompaloompa. He has changed the exit policy of his two nodes to the Reduced policy: http://torstatus.blutmagie.de/router_detail.php?FP=775df6b8cf3fb0150a594f6e2b5cb1e0ac45d09b http://torstatus.blutmagie.de/router_detail.php?FP=babbf0694251e5aff7bf3a0a02efdc12cb99b05f Is this one of the guys who didn't have published contact info? I can see he does at the moment... Did he explain why he didn't have it? -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F signature.asc Description: OpenPGP digital signature
Re: Contacted by oompaloompa operator: BadExit removed
Thus spake t...@lists.grepular.com (t...@lists.grepular.com): On 16/02/2011 05:10, Mike Perry wrote: I was contacted by the operator of oompaloompa. He has changed the exit policy of his two nodes to the Reduced policy: http://torstatus.blutmagie.de/router_detail.php?FP=775df6b8cf3fb0150a594f6e2b5cb1e0ac45d09b http://torstatus.blutmagie.de/router_detail.php?FP=babbf0694251e5aff7bf3a0a02efdc12cb99b05f Is this one of the guys who didn't have published contact info? I can see he does at the moment... Did he explain why he didn't have it? The contact info there is not a valid email address. He contacted me privately via a different one. Since he hasn't updated his contact info to the new address, I'm guessing he prefers not to list it. I have no personal issues with this. I haven't actually spoken to Roger or Peter yet though, they may feel different (though I doubt it). -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpuUwa3TDsh1.pgp Description: PGP signature
Contacted by oompaloompa operator: BadExit removed
I was contacted by the operator of oompaloompa. He has changed the exit policy of his two nodes to the Reduced policy: http://torstatus.blutmagie.de/router_detail.php?FP=775df6b8cf3fb0150a594f6e2b5cb1e0ac45d09b http://torstatus.blutmagie.de/router_detail.php?FP=babbf0694251e5aff7bf3a0a02efdc12cb99b05f He said that he started those two nodes as a test to experiment with Tor, and picked the exit policy quickly off the top of his head, keeping it brief because it was tedious to write. He also gave the following reasons why one might want an exit policy like this (though he said none of these were his reasons): 1. Crypto may not be legal The problem with this is that Tor is already pumping a ton of crypto that was designed to look as much like web TLS as possible. Chaning your exit policy doesn't really help this. 2. IDSs could prevent attacks This would be a great idea in theory, if it ever worked. In practice, IDSs end up being censorship devices for security mailinglists, exploit advisory info, and other information on computer security. We've actually already BadExited quite a few of these types of nodes, because our exit scanner detects the censorship. 3. Plausible deniability due to eliminating additional TLS fingerprints This is an interesting one, and I think I misread what he meant when he first said it, but if it means not having the additional TLS fingerprints of tor client traffic so that your TLS traffic doesn't stand out in the Tor noise, I don't think this works out for you. You end up being obvious because your node would not exit to any TLS ports. At any rate, because the Exit Policy has changed, I've personally updated my authority to remove the BadExit. I believe we're still waiting on one of Roger or Peter. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgp1tsUugpdRp.pgp Description: PGP signature
