On Mon, Feb 09, 2009 at 11:10:28PM -0600, Scott Bennett wrote: [...] > I think it would be a useful modification for the authorities to be able > to flag IP addresses and address ranges with BadExit in addition to being > able to flag nicknames and key fingerprints. That way, when a case like > "apple" arises, its career could be greatly hindered by flagging the /24's > of their ISPs.
Internally, this ability exists. In the relevant configuration file, authority operators can mark entire IP ranges as BadExit. This doesn't get propagated to the consensus; instead, they automatically vote for any OR that shows up in a marked IP range as being BadExit. The result's the same, but the client code and the consensus format get to stay a little simpler. yrs, -- Nick

