>>> 
>>> For c), we'd just check if there's a "p reject 1-65535" line or not.
>> 
>> I think this is a perfectly OK way of doing this considering the use case.
> 
> I agree, as long as we document what "Exit" means, and that there are edge 
> cases where a relay could be used to exit to a small number of IPs, yet not 
> have "yes" in the "Exit" column. (A false negative.)
> 
> It may be worth documenting the false positives as well, that is, that there 
> are many ways a packet could appear to be from an IP, yet not have come via 
> Tor.
> 
> Are we going to provide a list of exit ports, or does ExoneraTor not go into 
> that level of detail?

I'm also a little concerned by this, but I think the acceptable solution is:

If a relay can exit on any port at all, it should have "Exit: Yes", because 
from an investigatory point of view, it CAN act as an exit. 

However, I'm a little worried that this will lead people to think that the 
relay can act as a general exit to the web (80, 443). I think it's important 
that we specify the ports that existed in the exit policy for that relay at 
that point in time. 

What's your opinion on this, Karsten, Tim?

Thanks,

Joshua Lee Tucker
@tuckerwales
_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
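
The check discussed in this thread, as an added example that is not part of the original message and is not ExoneraTor's code: it reads a consensus port-summary line, reports "Yes" if any port is allowed, and returns the allowed port ranges so that an "Exit: Yes" is not read as "exits to 80/443". It assumes the `p accept|reject PortList` line format; the function names are hypothetical and any sample lines fed to it are constructed.

```python
# Added example: classify a relay from the "p" (port summary) line of its
# consensus entry. The summary lists ports only, so per-address rules in the
# full exit policy (the false-negative case in the thread) are not visible.

def parse_p_line(line):
    """Return (keyword, [(lo, hi), ...]) for a line like 'p accept 80,443'."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "p" or parts[1] not in ("accept", "reject"):
        raise ValueError("not a port summary line: %r" % line)
    ranges = []
    for item in parts[2].split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port range: %r" % item)
        ranges.append((lo, hi))
    return parts[1], ranges

def merge(ranges):
    """Sort ranges and join the ones that overlap or touch."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def allowed_ports(line):
    """Port ranges the summary allows exiting to (empty list means none)."""
    keyword, ranges = parse_p_line(line)
    if keyword == "accept":
        return merge(ranges)
    # "reject": the allowed ports are the gaps between the rejected ranges.
    allowed, next_free = [], 1
    for lo, hi in merge(ranges):
        if lo > next_free:
            allowed.append((next_free, lo - 1))
        next_free = hi + 1
    if next_free <= 65535:
        allowed.append((next_free, 65535))
    return allowed

def exit_column(line):
    """Return ('Yes' or 'No', allowed ranges): 'Yes' if any port is allowed."""
    ports = allowed_ports(line)
    return ("Yes" if ports else "No"), ports
```

A relay whose summary allows only a single port still comes back as "Yes", and the returned ranges are what would tell a reader it is not a general web exit.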